Policies & Standards

Welcome to the MaineIT Policies, Standards, and Procedures page. By default, the below content applies to any/all Information Technology Assets under the purview of the Chief Information Officer. You can sort the table below by topic or title, or you can search via the search box for your desired document. Any questions about this content should be directed to the MaineIT Architecture and Policy team.

For the latest updates about certain policies, please reference this list of Policy Pulses.

Policy Pulse - Data Exchange Policy (PDF) (published April 12th, 2021)

Note: The documents below are in PDF format. To view PDF documents, you will need the free Adobe Reader.

Title	Date Last Updated	Security and Privacy	Web & Network	Accessibility	Lifecycle Management	Incident Planning & Response	Governance	Business
Access Control Policy (AC-1)	2023/07	●
Access Control Procedures for Users (AC-2)	2023/09	●
Application Deployment Certification Guidelines	2023/11				●
Application Deployment Certification Policy	2023/12				●
Application Deployment Certification Templates	2015/08				●
Architecture Compliance Policy	2023/04						●
Audit Policy	2018/07	●
Business Continuity and Disaster Recovery Policy	2017/10					●		●
Change Management Policy	2023/11						●
Configuration Management Policy (CM-1)	2022/03						●
Copyrightable Works Policy	2002/12						●	●
COTS-Cloud Policy	2019/07							●
Data Centers Access Control Procedure	2019/04	●
Data Classification Policy	2023/02	●
Data Exchange Policy	2023/11	●	●
Digital Accessibility Policy	2023/01			●
Domain Name Policy & Procedure	2022/12		●				●
Drone (Unmanned Aerial Vehicle) Policy	2021/12	●
Enterprise Name Resolution Procedure	2019/04		●				●
FOAA Policy	2017/10	●
Forensic Investigation Workflow Policy	2023/11						●
Global Address List Standard	2022/04		●				●
Hosting & Housing Policy	2020/11						●
Hosting-Customization Policy	2019/07						●
Information Privacy Policy	2017/09	●
Information Security Policy	2019/03	●
InforME Network Services Policy	2022/03		●
Infrastructure Deployment Certification Policy	2022/03				●
Major Incident Procedure	2023/12					●
Microsoft Low-Code Governance	2022/07						●
Microsoft Power Platform Governance: Quick Start	2021/10						●
Microsoft Power Platform: Escalation Path	2021/10						●
Mobile Device Policy	2020/12	●					●
Network Device Management Policy	2023/03	●	●				●
Off-Hours Coverage Policy	2018/08	●					●
OIT Building Access Procedures	2019/04	●					●
Personnel Security Policy and Procedures (PS-1)	2022/12	●						●
Physical and Environmental Protection Policy (PE-1)	2023/03	●					●
Policy, Standard or Procedure Creation Process	2019/09						●
Program Management Policy and Procedures (PM-1)	2023/11	●					●
Public Data Jack Policy	2018/07						●
Remote Hosting Policy	2023/10		●					●
Risk Assessment Policy and Procedures (RA-1)	2023/10	●				●
Rules of Behavior Policy (PL-4)	2023/11							●
Salesforce Governance: Background	2021/09						●
Salesforce Governance: Details	2021/09						●
Salesforce Governance: Executive Summary	2021/09						●
SDLC Policy	2017/03				●
SDLC Procedure	2018/03				●
Security Assessment and Authorization Policy and Procedures (CA-1)	2022/06	●
Security Awareness and Training Policy and Procedures (AT-1)	2021/06	●
Security Planning Policy (PL-1)	2021/06	●
Social Media for Personal Use Policy	2015/05						●
Social Media for State Business Policy	2020/02		●				●
System and Communications Protection Policy and Procedures (SC-1)	2021/07	●	●
System and Communications Protection Policy and Procedures for Encryption Mechanisms (SC-12, 13, 17)	2023/04	●	●
System and Information Integrity Policy and Procedures (SI-1)	2022/06	●
System and Services Acquisition Policy and Procedures (SA-1)	2023/11	●			●		●	●
Telecommunications Facilities and Wiring Specifications	2021/12						●
User Device and Commodity Application Policy	2023/06	●
Vulnerability Scanning Procedure (RA-5)	2021/06	●
Waiver Policy	2023/04						●
Web Standards	2020/01		●
Website Acceptance Policy	2020/01		●

Maine.gov

Policies & Standards