Directive  Administrative Directive 2021-2 IT Standard Operating Environment

M.G.L. c. 7D, § 3:

“(a) The [Executive Office of Technology Services and Security] shall have all powers necessary or convenient to carry out its duties including, but not limited to, the power to: …
(vi) oversee and supervise the maintenance of information technology and the initiation of information technology updates or projects for state agencies;
(vii) initiate procurements of information technology resources for state agencies and enter into agreements or contracts in connection with such procurement on behalf of a state agency or other political subdivision of the commonwealth;
(viii) set policy regarding all procurements of information technology resources;
(ix) review and approve the information technology budget requests of a state agency and IT spending priorities of executive offices and agencies within any executive office;
(x) implement standards for product or service specifications, characteristics or performance requirements of IT resources that increase efficiency and improve security and identify opportunities for cost savings within state agencies based on such standardization; specifically, the office may implement the following: (a) the centralized acquisition and standardization of specifications for desktop computing equipment; (b) consolidation and centralized management of all network resources for the executive department; (c) the consolidation of information technology infrastructure; and (d) following consultation with the secretary of the executive office and the head of the agency or department within the executive offices, effectuate the centralization of other IT services and functions when centralization or standardization will promote greater security, improve service, or reduce costs; …
(b) The office may issue administrative directives pursuant to the authority set forth in this chapter, which shall be binding on all executive department agencies and offices.”

Chief Information Officer: or ''CIO'', the chief information officer of the Commonwealth.

Information technology: or “IT”, hardware, software, telecommunications equipment and related services designed for the storage, manipulation and retrieval of data by electronic or mechanical means including, but not limited to, personal computers, mainframes, wide and local area networks, servers, mobile or portable computers, peripheral equipment, telephones, wireless communications, handheld devices, cloud-based application and platform services, public safety radio services, facsimile machines, data centers, dedicated training facilities and switching facilities.

Secretariat Chief Information Officer: or “SCIO”, the person responsible for technology services, security, and information technology in each executive office other than the executive office of technology services and security, who reports to both the secretary of technology services and security and the secretary of the executive office for whose technology services the SCIO is responsible.

Single device: The end user computing device authorized by the Executive Office of Technology Services and Security (EOTSS).

State agency: a legal entity of state government established by the general court as an agency, board, bureau, commission, council, department, office or division of the commonwealth with a specific mission and which is subject to the control of the governor or whose administration has been solely appointed by the governor.

Pursuant to its statutory authority articulated in M.G.L. c. 6A, § 7A and c. 7D, EOTSS has standardized on a single-device deployment model per employee. See https://www.mass.gov/doc/eotss-hardware- and-software-standards/download for the current standard(s). Along with the single device (a laptop by default), in most instances each employee will receive one docking station, monitor, keyboard, and mouse as part of the standard technology setup.

Please be advised that EOTSS will no longer support in-place upgrades to older Windows 7 computers. Executive branch agencies must upgrade to the new standard single-device model with the corresponding Microsoft operating system and Office Pro Plus/365 platform software by October 31, 2021.

Per the companion Administrative Directive AD 2021-2, all Windows 7 devices must be retired no later than October 31, 2021. Any devices that are still operating Windows 7 after this date will be removed from the Commonwealth’s network(s) without exception.

EOTSS, in collaboration with the Executive Office of Administration and Finance (A&F), has provided previous communications to executive branch agencies as to the refreshment of its end user computing devices beginning in FY21. This program remains a priority, and all executive branch agencies are reminded that A&F (in alignment with EOTSS) made funds available through a debt service model to fund this replacement program. All executive branch agencies are directed to upgrade their devices to comply with the EOTSS standards as outlined in this Administrative Directive by no later than October 31, 2021.

Exceptions to the standard laptop setup and single-device model are at the sole discretion of EOTSS. Agencies seeking an exception to the default laptop standard must submit a request via ServiceNow using the “Desktop hardware and accessories” item in the Service Catalog and selecting “I need something else” when prompted to choose the bundle type. Replacement or substitution of the standard device model at any time is at the sole discretion of EOTSS. This exception process is specific to the standard laptop deployment standard and not to Windows 7 or in-place upgrades.

Requests for exceptions to the single device per employee standard must be submitted in writing to singledeviceexceptions@mass.gov with sign off by the respective agency head, SCIO, and Secretary (or designee). Agencies must present a detailed business or use case as to why an employee needs more than one state-issued device.

Ordering, procurement, and acquisition of all end user devices must be transacted via EOTSS. New hardware orders using existing agency or secretariat funds must be submitted via the EOTSS Service Now Portal. New hardware orders using debt service funding, or orders from the EOTSS “in stock” inventory, must be submitted to modernworkplacehardware@mass.gov. Agencies are responsible for the costs of these devices and must follow EOTSS procurement and billing process unless otherwise directed by EOTSS.

All devices will be maintained and accounted for in the enterprise asset management inventory system operated by EOTSS.

PST Files and Modernization

All state agencies will immediately implement group policies that make existing PST files read-only. The creation of new PST files is prohibited. The continued proliferation of PST files is severely impacting our ability to complete the personal and group shares to the Office 365 platform (Business One Drive) as part of our Modern Workforce transformation.

Secretariat Chief Information Officers (SCIOs) for executive offices are responsible for policy compliance for their secretariats and agencies.