Standards and Guidelines
Technical Standards and Guidelines
Chapter 1. General Provisions
General Provisions
Article 1. Definitions and General Matters.
1-101. Definitions.
1-102. Authority; applicability.
1-103. Waiver policy.
Article 2. Planning and Project Management.
1-201. Information technology plans.
1-202. Project reviews; information technology projects submitted as part of the state biennial budget process.
1-203. Project progress reports.
1-204. Procurement review policy.
1-205. List of pre-approved items for purchase.
1-206. Enterprise projects.
Resource Documents.
1-RD-01. Table: Statutory references; cross references.
1-RD-02. Tables: Waivers.
Chapter 2. Accessibility
Accessibility
Article 1. General Provisions.
2-101. Accessibility policy.
Article 2. Technology Access Clause.
2-201. [Superseded.]
Chapter 3. Geographic Information Systems
Geographic Information Systems
Article 1. GIS; State Government Standards and Guidelines.
3-101. GIS software.
3-102. NebraskaMAP portal.
Article 2. GIS Data.
3-201. Geospatial metadata standard.
3-202. Land record information and mapping standard.
3-203. Lidar standard.
3-204. Imagery standard.
3-205. Street centerlines.
3-206. Address points.
Article 3. Nebraska Plane Coordinate System.
3-301. Nebraska Plane Coordinate System.
Chapter 4. E-Government
E-Government
Article 1. General Provisions.
4-101. [Repealed.]
Article 2. State Government Website.
4-201. State government web pages; footer guidelines.
4-202. Web cookie standard.
4-203. Security statement.
4-204. [Repealed.]
Chapter 5. State Government Enterprise Systems
State Government Enterprise Systems
Article 1. [Reserved.]
5-101. [Repealed.]
5-102. [Repealed.]
Article 2. Email System.
5-201. Email standard for state agencies.
5-202. [Repealed.]
5-203. [Repealed.]
5-204. [Repealed.]
Article 3. Internet Fax System.
5-301. Internet fax standard for state agencies.
Article 4. Active Directory.
5-401. Active Directory; user photographs.
Chapter 6. [Reserved]
Reserved
Chapter 7. Networks
Networks
Article 1. State Network.
7-101. State communications system; acceptable use policy.
7-102. DNS forwarding standard.
7-103. SMTP routing standard.
7-104. Web domain name standard.
7-105. Wireless local area network standard.
7-106. Internet of Things (IoT) standard.
Article 2. Network Nebraska.
7-201. Network Nebraska; network edge device standard.
7-202. Contracting guideline for an upgrade of distance learning services.
7-203. IP communication protocol standard for synchronous distance learning and videoconferencing over Network Nebraska.
7-204. Video and audio compression standard for synchronous distance learning and videoconferencing.
7-205. Scheduling standard for synchronous distance learning and videoconferencing.
Resource Documents
7-RD-01. Telecommunications facilities and services.
Chapter 8. Information Security Policy
Information Security Policy
Article 1. Purpose; Scope; Roles and Responsibilities; Policy Exception Process.
8-101. Purpose.
8-102. Scope.
8-103. Roles and responsibilities.
8-104. Policy exception process.
Article 2. General Provisions.
8-201. Acceptable use.
8-202. Change control management.
8-203. Multi-function devices.
8-204. Email.
8-205. Portable storage devices.
8-206. Facilities; physical security requirements.
8-207. Facilities; identification badges; visitors.
8-208. External service providers.
8-209. Agency security planning and reporting.
8-210. Information security strategic plan.
8-211. System security plan.
8-212. [Repealed.]
8-213. International travel.
Article 3. Access Control.
8-301. Remote access.
8-302. Passwords.
8-302.1. Public accounts; passwords.
8-303. Identification and authorization.
8-304. Privileged access accounts.
Article 4. Network Security.
8-401. Network documentation.
8-402. Network transmission security.
8-403. Network architecture requirements.
8-404. External connections.
8-405. Wireless networks.
Article 5. System Security.
8-501. System security; approved hardware and software; documentation.
8-502. Minimum user account configuration.
8-503. Minimum server configuration.
8-504. Minimum workstation configuration.
8-505. [Repealed.]
8-506. Minimum mobile device configuration.
8-507. System maintenance.
8-508. Kiosks and public access workstations.
Article 6. Application Security.
8-601. Application documentation.
8-602. Application code.
8-603. Separation of test and production environments.
8-604. Application development.
8-605. Web applications and services.
8-606. Staff use of cloud storage websites.
8-607. Cloud computing.
8-608. Low-code/no-code and containerization development.
8-609. Artificial intelligence policy.
Article 7. Auditing and Compliance.
8-701. Auditing and compliance; responsibilities; review.
8-702. Awareness and training.
8-703. Security reviews; risk management.
8-704. Logging.
8-705. Logging; format, storage, and retention.
8-706. Logging; auditable events.
8-707. Logging; audit log contents.
8-708. Logging; audit review, monitoring, findings and remediation.
8-709. Logging; application logging review and monitoring.
Article 8. Vulnerability and Incident Management.
8-801. Incident response.
8-802. Incident response plan.
8-803. Penetration testing.
8-804. Vulnerability scanning.
8-805. Malicious software protection.
8-806. Security deficiencies.
8-807. Third party cyber risk management.
Article 9. Data Security.
8-901. State data.
8-902. Data classification categories.
8-903. Data inventory.
8-904. Data security control assessment.
8-905. Data sharing.
8-906. Data destruction.
Full Technical Standards and Guidelines PDF
Full Technical Standards and Guidelines PDF