Standards and Guidelines

geometric shapes cubes with shattering glass and bright lights on a dark background NITC Nebraska Information Technology Commission

Technical Standards and Guidelines

Chapter 1. General Provisions

General Provisions

Article 1. Definitions and General Matters.

1-101. Definitions.

1-102. Authority; applicability.

1-103. Waiver policy.

Article 2. Planning and Project Management.

1-201. Information technology plans.

1-202. Project reviews; information technology projects submitted as part of the state biennial budget process.

1-203. Project progress reports.

1-204. Procurement review policy.

1-205. List of pre-approved items for purchase.

1-206. Enterprise projects.

Resource Documents.

1-RD-01. Table: Statutory references; cross references.

1-RD-02. Tables: Waivers.

Chapter 2. Accessibility

Accessibility

Article 1. General Provisions.

2-101. Accessibility policy.

Article 2. Technology Access Clause.

2-201. [Superseded.]

Chapter 3. Geographic Information Systems

Geographic Information Systems

Article 1. GIS; State Government Standards and Guidelines.

3-101. GIS software.

3-102. NebraskaMAP portal.

Article 2. GIS Data.

3-201. Geospatial metadata standard.

3-202. Land record information and mapping standard.

3-203. Lidar standard.

3-204. Imagery standard.

3-205. Street centerlines.

3-206. Address points.

Article 3. Nebraska Plane Coordinate System.

3-301. Nebraska Plane Coordinate System.

Chapter 4. E-Government

E-Government

Article 1. General Provisions.

4-101. [Repealed.]

Article 2. State Government Website.

4-203. Security statement.

4-204. [Repealed.]

Chapter 5. State Government Enterprise Systems

State Government Enterprise Systems

Article 1. [Reserved.]

5-101. [Repealed.]

5-102. [Repealed.]

Article 2. Email System.

5-201. Email standard for state agencies.

5-202. [Repealed.]

5-203. [Repealed.]

5-204. [Repealed.]

Article 3. Internet Fax System.

5-301. Internet fax standard for state agencies.

Article 4. Active Directory.

5-401. Active Directory; user photographs.

Chapter 6. [Reserved]

Reserved

Chapter 7. Networks

Networks

Article 1. State Network.

7-101. State communications system; acceptable use policy.

7-102. DNS forwarding standard.

7-103. SMTP routing standard.

7-104. Web domain name standard.

7-105. Wireless local area network standard.

7-106. Internet of Things (IoT) standard.

Article 2. Network Nebraska.

7-201. Network Nebraska; network edge device standard.

7-202. Contracting guideline for an upgrade of distance learning services.

7-203. IP communication protocol standard for synchronous distance learning and videoconferencing over Network Nebraska.

7-204. Video and audio compression standard for synchronous distance learning and videoconferencing.

7-205. Scheduling standard for synchronous distance learning and videoconferencing.

Resource Documents

7-RD-01. Telecommunications facilities and services.

Chapter 8. Information Security Policy

Information Security Policy

Article 1. Purpose; Scope; Roles and Responsibilities; Policy Exception Process.

8-101. Purpose.

8-102. Scope.

8-103. Roles and responsibilities.

8-104. Policy exception process.

Article 2. General Provisions.

8-201. Acceptable use.

8-202. Change control management.

8-203. Multi-function devices.

8-204. Email.

8-205. Portable storage devices.

8-206. Facilities; physical security requirements.

8-207. Facilities; identification badges; visitors.

8-208. External service providers.

8-209. Agency security planning and reporting.

8-210. Information security strategic plan.

8-211. System security plan.

8-212. [Repealed.]

8-213. International travel.

Article 3. Access Control.

8-301. Remote access.

8-302. Passwords.

8-302.1. Public accounts; passwords.

8-303. Identification and authorization.

8-304. Privileged access accounts.

Article 4. Network Security.

8-401. Network documentation.

8-402. Network transmission security.

8-403. Network architecture requirements.

8-404. External connections.

8-405. Wireless networks.

Article 5. System Security.

8-501. System security; approved hardware and software; documentation.

8-502. Minimum user account configuration.

8-503. Minimum server configuration.

8-504. Minimum workstation configuration.

8-505. [Repealed.]

8-506. Minimum mobile device configuration.

8-507. System maintenance.

8-508. Kiosks and public access workstations.

Article 6. Application Security.

8-601. Application documentation.

8-602. Application code.

8-603. Separation of test and production environments.

8-604. Application development.

8-605. Web applications and services.

8-606. Staff use of cloud storage websites.

8-607. Cloud computing.

8-608. Low-code/no-code and containerization development.

8-609. Artificial intelligence policy.

Article 7. Auditing and Compliance.

8-701. Auditing and compliance; responsibilities; review.

8-702. Awareness and training.

8-703. Security reviews; risk management.

8-704. Logging.

8-705. Logging; format, storage, and retention.

8-706. Logging; auditable events.

8-707. Logging; audit log contents.

8-708. Logging; audit review, monitoring, findings and remediation.

8-709. Logging; application logging review and monitoring.

Article 8. Vulnerability and Incident Management.

8-801. Incident response.

8-802. Incident response plan.

8-803. Penetration testing.

8-804. Vulnerability scanning.

8-805. Malicious software protection.

8-806. Security deficiencies.

8-807. Third party cyber risk management.

Article 9. Data Security.

8-901. State data.

8-902. Data classification categories.

8-903. Data inventory.

8-904. Data security control assessment.

8-905. Data sharing.

8-906. Data destruction.

Full Technical Standards and Guidelines PDF

Full Technical Standards and Guidelines PDF