NJOIT Policy Library

In accordance with N.J.S.A. 52:18a-230b, NJOIT is responsible for the policies and standards governing State agencies' use of technology. We subscribe to a variety of well-established standards and constantly review our policies to ensure compliance with industry best practices.

Number Description Date Published Last Reviewed
07-10-NJOIT  Use of Statewide Disaster Recovery Facilities 06/11/2007 06/11/2014
  J2EE Application Deployment Policy and Procedures
To obtain a copy contact Infrastructure Support Services
07/2007 05/2015
  NJ Shared IT Architecture  09/2011 01/1/2014
Number Description Date Published Last Reviewed
17-03-NJOIT Enterprise Information Security Governance and Management Policy 10/18/2017 10/14/2017
16-02-NJOIT  Financial Reporting and Accountability for Information Technology Expenditures Policy 08/25/2016 03/01/2017
16-02-NJOIT-P1  Financial Reporting and Accountability for Information Technology Expenditures Procedure 08/25/2016 03/01/2017
16-02-NJOIT-F1  New Jersey Information Technology Expenditure Report [Excel KB] 01/31/2017 01/31/2017
16-02-NJOIT-F2  Expenditures Report Agency Certification Form    
15-06-NJOIT  Internet Access Policy for New Jersey State Agencies 04/08/2015 04/08/2015
11-05-NJOIT  Review and Approval of Agency RFPs 10/07/2011 10/7/2011
Group Number Description Date Published Last Reviewed
Asset Management 14-12-NJOIT  183 - Software License Management and Distribution 04/03/2014 04/3/2014
08-04-NJOIT  130 - Information Asset Classification Control Policy 07/31/2008 09/02/2015
08-04-P1-NJOIT  130-00-01 - Information Assets Classification and Control Procedure 07/31/2008 09/02/2015
08-04-S1-NJOIT  130-01 - Information Asset Classification and Control Standard 06/15/2012 09/02/2015
Attachment A to 08-04-P1-NJOIT   130-00-01  - Attachment A (Inventory Spreadsheet) [xls 30k] 07/31/2008 09/02/2015
Business Continuity Management 14-31-NJOIT  195 - Contingency Planning Policy 10/28/2014 10/28/2014
Compliance 14-28-NJOIT  202 -Asset Audit and Accountability Policy 11/13/2014 11/13/2014
14-13-NJOIT  205 - Certification and Accreditation Policy 03/10/2014 03/10/2014
Information Security Certification Accreditation Checklist  Information Security Certification Accreditation Checklist 10/14/2014 08/24/2015
09-05-NJOIT  203 - Information Security Payment Card Industry (PCI) Data Security Policy 10/02/2008 12/15/2011
09-05-S1-NJOIT  203-01 - Information Security Payment Card Industry (PCI) Data Security Standard 10/02/2008 12/15/2011
Contracts / Business 09-11-NJOIT  169 - Business Entity, IT Services and/or Extranet 07/06/2009 01/22/2015
09-11-P1-NJOIT   169-00-01 - Business Entity, IT Services and/or Extranet 08/07/2009 01/22/2015
Appendix A to 09-11-P1-NJOIT   Business Entity and/or IT Services Extranet Application Form [pdf 48k] 10/2/2012 01/28/2015
Appendix B to 09-11-P1-NJOIT   Business Entity and/or IT Services Extranet MOU [dot 67k] 10/02/2012 01/28/2015
Appendix C to 09-11-P1-NJOIT   Business Entity IT Services and/or Extranet Connection Detail [dot 99k] 10/01/2012 01/28/2015
Appendix D to 09-11-P1-NJOIT   Business Entity, IT Services and/or Extranet Security Controls Assessment Checklist [pdf 206k] 01/21/2015 01/21/2015
Identity and Access Management 14-32-NJOIT  177 - Password Management Policy 10/14/2014 10/14/2014
14-32-S1-NJOIT  177-01 - Password Management Standard 10/14/2014 10/14/2014
14-29-NJOIT  172 - Access Control Management Policy 11/13/2014 11/13/2014
14-27-NJOIT  1701 - Identification and Authentication Policy 10/27/2014 10/27/2014
11-01-NJOIT  179 - Remote Access Policy 03/09/2012 03/9/2012
11-01-P1-NJOIT 179-01-P1-NJOIT - Remote Access Procedure
To obtain a copy contact Statewide Office of Information Security
07/20/2011 07/20/2011
11-01-S1-NJOIT   179-01 - Remote Access Standard 07/20/2011 07/20/2011
Incident Management 11-02-NJOIT  190-NJOIT - Information Security Incident Management Policy 05/24/2012 05/24/2012
11-02-P1-NJOIT  190-00-01 - Information Security Incident Management Reporting Procedures 05/24/2012 07/25/2013
Attachment A to 11-02-P1-NJOIT  Attachment A to 11-02-P1-NJOIT 07/26/2013 07/26/2013
11-02-P2-NJOIT  191 - Information Security Incident Management Response Procedure 05/24/2012 07/25/2013
Information Security Incident Reporting Form  Information Security Incident Reporting Form 07/26/2013 02/05/2015
Information Security Program 14-05-NJOIT  161 -Operational Security Policy 01/07/2014 01/7/2014
12-03-NJOIT  110 - Security Framework Policy 07/17/2012 01/21/2016
08-01-NJOIT  100 - Information Security Program 06/18/2008 01/21/2016
Information Security Structure 15-01-NJOIT  142 - Workforce Security Policy 01/22/2015 01/22/2015
Internet / Social Collaboration 14-30-NJOIT  1600 - Acceptable Internet Usage 09/05/2014 09/5/2014
14-17-NJOIT  166 - Electronic Mail/Messaging Content Policy and Standards 04/02/2014 03/30/2017
Monitoring and Management 15-02-NJOIT  176 - Information Security System Monitoring and User Review Policy 01/22/2015 01/22/2015
Network Management 15-03-NJOIT  165 - Firewall Management Policy 01/22/2015 01/22/2015
14-33-NJOIT  121 - Confidential and/or Personally Identifiable Information 10/28/2014 10/28/2014
14-18-NJOIT  174 - Network Security Policy 06/12/2014 06/12/2014
14-03-NJOIT  173 -Wireless Network Security Policy 01/07/2014 01/7/2014
14-03-S1-NJOIT
This standard is published/posted in NJ-ISAC.
173-01 -Wireless Network Security Standard and Procedure 01/07/2014 01/7/2014
Prevention and Protection 15-04-NJOIT  164 - Backup and Restore Policy 01/22/2015 01/22/2015
14-26-NJOIT  181 - Encryption and Digital Signatures Policy 10/27/2014 10/27/2014
14-07-NJOIT  1602 -Media Protection Policy 01/07/2014 01/7/2014
14-01-NJOIT  171 - Minimum System Security and Protection Policy 01/23/2014 01/23/2014
14-01-S1-NJOIT
This standard is published/posted in NJ-ISAC.
171-01 -Minimum System Security and Protection Standards 01/07/2014 01/07/2014
12-02-NJOIT  132 - Portable Computing Use and Temporary Worksite Assignment Policy 03/28/2012 05/03/2013
Agreement   Portable Computing User Agreement 09/05/2013 04/19/2013
State-Owned Property Removal Form   State-Owned Property Removal Form 03/30/2012 03/20/2012
09-10-NJOIT  152 - Information Disposal and Media Sanitization Policy 04/08/2011 01/22/2015
09-10-S1-NJOIT  152-01 - Information Disposal and Media Sanitization Standards 04/08/2011 01/22/2015
09-10-P1-NJOIT   152-00-01 - Information Disposal and Media Sanitization Procedure 04/08/2011 01/22/2015
09-10-NJOIT Form   Media Disposal Forms [pdf 301 kb] 04/2011 04/2011
Privacy 14-04-NJOIT  123 - State of New Jersey Disclaimer Policy 07/28/2014 07/28/2014
14-04-S1-NJOIT  123-01 - State of New Jersey Disclaimer Standard 07/28/2014 05/27/2015
13-09-NJOIT  201 - State of New Jersey On-line Privacy Policy 12/19/2013 12/19/2013
Security Awareness 12-01-NJOIT  141 - Security Awareness Program Policy 03/21/2012 01/21/2016
Systems Development Life Cycle 14-25-NJOIT  182 - System and Services Acquisition Policy 10/27/2014 10/27/2014
14-09-NJOIT  168 - Change Management Policy 01/07/2014 01/7/2014
14-08-NJOIT  180 - Security in Application Development Policy 01/07/2014 01/7/2014
14-06-NJOIT  162 - System Planning and Acceptance Policy 01/07/2014 01/7/2014
Vulnerability / Risk Management 14-14-NJOIT  116 - Security Assessment Policy 07/28/2014 07/28/2014
14-02-NJOIT  115 - Information Security Risk Management Policy 01/07/2014 01/7/2014
SAS Software Request Form  SAS Software Request Form 01/12/2016 01/12/2016
Risk Management Remediation Report Template   Risk Management Remediation Report Template 01/10/2014 01/10/2014
12-04-NJOIT  184 - Information Security Vulnerability Management Policy 05/03/2012 12/11/2014
12-04-P1-S1-NJOIT   184-01 - Information Security Vulnerability Management Standard And Procedure 09/10/2012 12/11/2014
08-02-NJOIT  111 - Information Security Managing Exceptions 06/02/2008 11/15/2011
Policy Exception Request Form   Policy Exception Request Form 01/29/2014 01/29/2014
Number Description Date Posted Last Reviewed
16-01-NJOIT  Project Management Policy
16-01-NJOIT Attachment_A
16-01-NJOIT Attachment_B
16-01-NJOIT Attachment_C
16-01-NJOIT Attachment_D 
2016/12/12 2016/12/12
Number Description Date Published Last Reviewed
16-05-NJOIT  System Architecture Review (SAR) Policy SAR Procedure
16-05-NJOIT PSystem Architecture Review Procedure 
2016/12/12 2016/12/12
16-03-NJOIT  Enterprise Tech Solution Policy 2016/12/12 2016/12/12
Number Description Date Published Last Reviewed
15-05-NJOIT  State Telecommunication Coordinators 05/27/2015 05/27/2015
Cellular Wireless Device and Portable Computing Device Request  Cellular Wireless Device and Portable Computing Device Request 12/03/2013 12/03/2013
Number Description Date Published Last Reviewed
14-11-NJOIT  Internet and Statewide Intranet Presence for New Jersey State Government 01/23/2014 01/23/2014
13-09-NJOIT  201 - State of New Jersey On-line Privacy Policy 12/19/2013 12/19/2013
07-12-NJOIT  Web Accessibility Policy 06/13/2007 10/27/2014
06-06-NJOIT  State of New Jersey Online Disclaimer Policy 08/10/2001 10/29/2015