|
Encryption
Readiness Notice of Intent (NOI)
Introduction
HB 2785,
Section 23 of the 2007 legislature required that on
or before September 30, 2007, the Government Information Technology
Agency (GITA) issue a Request for Proposals (RFP) to contract for
solutions to encrypt stored data for all state agencies that maintain
more than ten thousand records and contain “Personal Information,” as
defined by the bill. The bill further directs GITA to supervise the
implementation of encryptions that result from this process. This NOI
is the interface between GITA and State agencies in fulfillment of the
legislative requirement.
Agencies must follow the process below when implementing an encryption
solution:
1. Each agency will respond to the questions
on the Encryption Readiness NOI form (prior to submittal, please
complete due diligence on addressing Terms & Conditions and
indemnification clauses that limit liability and damages on proposed
usage of freeware product/services with State Procurement under Arizona
Procurement Code §A.R.S. 41-2501) and submit the signed form to GITA
electronically as an attachment to encryptNOI@azgita.gov
or by mail at the address listed on this page. GITA will review the
form within 30 days.
2. GITA/SISPO will review the information on the submitted NOI for
appropriateness of the agency’s proposed encryption solution(s) and
evaluate whether the agency’s encryption initiative aligns with their
readiness level and complies with statewide IT policies, standards and
best practices.
3. Within 30 days, the State CIO shall issue a letter of approval
providing the conditions above are satisfactorily demonstrated and it
is determined that the proposed encryption solution is in the best
interest of the submitting agency and the State.
5. Upon successful completion of the encryption solution, the agency
CIO must download and submit an Encryption NOI Completion
form to GITA at encryptNOI@azgita.gov.
6. Each submitting agency shall download the
newest NOI form found on this web site each time an NOI is submitted.
7. Multiple implementations of the same
solution do not require separate NOI submissions.
8. The use of any freeware or shareware
products that is not at least FIPS -2 compliant is inappropriate for
encryption purposes due to non-enforceable licensing/contractual
concerns and federal audit requirements. GITA/SISPO will not approve
any NOI submitted for these types of software.
NOTE: A
NOI must be completed and approved for any and all encryption solutions
under consideration by the state, prior to purchase and/or
installation, regardless of vendor. The
NOI is not a substitution for a PIJ. Should a project being considered
require encryption, the completed and approved NOI can be used as
justification on the associated PIJ.
Page updated:
02/11/2010
|
MaryBeth Joublanc
602-364-4537
Government
Information Technology Agency
Attn:
Encryption NOI
100 N. 15th Ave, Ste 400
Phoenix, AZ 85007
Notice of Intent (NOI)
 
Encryption NOI
Completion Form
Statewide Information Security
& Privacy Office
Cyber Security
Executive Order 2008-10
S850 -
Encryption Technologies Standard
|
