• Accessibility Standards

    For future reference, you may access this page by using www.mass.gov/itd/accessibilitystandards.

    These standards, together with the Enterprise Web Accessibility Standards specify the minimum accessibility standards that must be implemented and maintained throughout the lifecycle of all identified information technology solutions.
  • Enterprise Access Control Security Policies and Standards

    The Enterprise Access Control Policy effort has been an comprehensive effort to consolidate and reorganize many of the Commonwealth’s Enterprise security access policies and standards and align them with the structure of Section 11 “Access Control” of the ISO/IEC 27002:2005, “Information technology - Security techniques - Code of practice for information security management”.  The Enterprise Access Control Policy and supporting standard, Enterprise Access Control Security Standards have been drafted together as a suite with sections that are aligned with each other as well as with ISO 27k.  The Policy is generally higher level and relies on the associated Standards to elaborate into the detail required for further technical use.   All Executive Department agencies are required to comply with this policy and the supporting standards in addition to any agency or third party that connects to the Commonwealth’s wide area network (MAGNet). Entities outside the Executive Department are encouraged to adopt these or similar policies and standards. This policy is effective as of the date of publication.
  • Enterprise Architecture

    Architecture documents provide the framework and define the standards, specifications and technologies to support the Commonwealth's computing environment. This computing environment includes the service-oriented architecture and the standard operating environment.
  • Enterprise Business Continuity Management Policy & Standards

    As part of the Enterprise Information Security Policy Workbook; the Enterprise Business Continuity Management Policy and supporting standards are critical to ensuring that the Commonwealth has established and enforces necessary measures to safeguard the interests of key stakeholders, information assets and Information Technology Resources, in the event of a catastrophic disaster or other extraordinary disruption.

    For guidance in developing and implementing your own Enterprise Business Continuity Management Policy please visit our CommonWiki space at:  https://wiki.state.ma.us/confluence/display/entpolicy/Enterprise+Business+Continuity+of+IT+Management+Framework

  • Enterprise Desktop Power Management Standards

    The purpose of these standards is to establish minimum power management requirements that will result in significant reductions in the energy consumption of the thousands of Personal Computers (PCs) and workstations used throughout the Commonwealth of Massachusetts Executive Department agencies. Such energy reductions will also result in a significant reduction in energy costs and associated environmental impacts, such as greenhouse gas emissions.
  • Enterprise Information Security Organization Policy

    This policy articulates the requirements that assist management in defining an organizational framework to initiate and control the implementation of information security practices including development and implementation of security policies, standards, and procedures within their respective agencies. 

  • Enterprise Information Technology Acquisition Policy

    The purpose of this Policy is to ensure that all viable solutions, including those that may not be otherwise represented by IT vendors during the procurement process, are identified and evaluated by Applicable Entities as part of their Best Value selection.
  • Enterprise IT Acquisitions Security Policy

    The Enterprise Information Technology Acquisition Security Policy states requirements for evaluating all various security concerns and implications that must be considered whenever there is a Commonwealth purchase of IT goods, services, and/or solutions. 

  • Enterprise IT Acquisitions Standards

    The Enterprise Information Technology Acquisition Security and Technology Standards provides detailed standards that all IT Acquisitions must adhere to as required by the IT Acquisition Security Policy and IT Acquisition Technology Policy.

  • Enterprise IT Security Compliance Policy

    This policy defines a framework that supports compliance with the overall information security goals of the Commonwealth including compliance with laws, regulations, policies and standards to which their IT resources and data, including but not limited to personal information, are subject.

  • Open Standards Policy

    Adopting open standards ensures the Commonwealth's investments in information technology result in systems that are sustainable, interoperable and do not result in vendor lock-in.

  • Security Policies & Standards

    Links to various Enterprise policies and standards that relate to cyber security.
  • Enterprise Toner Cartridge Acquisition Policy

    The purpose of the policy is to establish requirements for the purchase and recycling of laser printer toner cartridges aimed at increasing the purchase and use of remanufactured laser printer cartridges throughout the Commonwealth of Massachusetts Executive Department agencies by 40% during Fiscal Year 2013 (FY13) and by a minimum of 10% annually thereafter.

  • Website requirements and policies

    For future reference this page may be accessed by using www.mass.gov/itd/webpolicies.

    Includes information on required policies and what elements are needed for Executive Departments looking to build or revamp their websites.