|
Encryption Readiness Notice of Intent (NOI)
Introduction
HB 2785, Section 23
of the 2007 legislature required that on or before September 30, 2007, the
Government Information Technology Agency (GITA) issue a Request for
Proposals (RFP) to contract for solutions to encrypt stored data for all
state agencies that maintain more than ten thousand records and contain
“Personal Information,” as defined by the bill. The bill further directs
GITA to supervise the implementation of encryptions that result from this
process. This NOI is the interface between GITA and State agencies in
fulfillment of the legislative requirement.
Agencies must follow the process below when implementing an encryption
solution:
1. Each agency will respond to the questions on the Encryption Readiness
NOI form (prior to submittal, please complete due diligence on
addressing Terms & Conditions and indemnification clauses that limit
liability and damages on proposed usage of freeware product/services
with State Procurement under Arizona Procurement Code §A.R.S. 41-2501) and submit the
signed form to GITA electronically as an attachment to
encryptNOI@azgita.gov or
by mail at the address listed on this page. GITA will review the form
within 30 days.
2. GITA/SISPO will review the information on the submitted NOI for
appropriateness of the agency’s proposed encryption solution(s) and
evaluate whether the agency’s encryption initiative aligns with their
readiness level and complies with statewide IT policies, standards and
best practices.
3. Within 30 days, the State CIO shall issue a letter of approval
providing the conditions above are satisfactorily demonstrated and it is
determined that the proposed encryption solution is in the best interest
of the submitting agency and the State.
5. Upon successful completion of the encryption solution, the agency CIO
must download and submit an Encryption NOI Completion form to GITA at
encryptNOI@azgita.gov.
6. Each submitting agency shall download the newest NOI form found on
this web site each time an NOI is submitted.
7. Multiple implementations of the same solution do not require separate
NOI submissions.
8. The use of any freeware or shareware products that is not at least
FIPS -2 compliant is inappropriate for encryption purposes due to
non-enforceable licensing/contractual concerns and federal audit
requirements. GITA/SISPO will not approve any NOI submitted for these
types of software.
NOTE: A NOI must be completed and approved for any and all encryption
solutions under consideration by the state, prior to purchase and/or
installation, regardless of vendor. The NOI is not a substitution
for a PIJ. Should a project being considered require encryption, the
completed and approved NOI can be used as justification on the associated
PIJ.
Page updated:
02/11/2010
|
Sherri Eshkibok
602-364-4779
Jim Ryan
602-364-4771
Government Information Technology Agency
Attn: Encryption NOI
100 N. 15th Ave, Ste 440
Phoenix, AZ 85007
Notice of Intent (NOI)
Encryption NOI Completion Form
Statewide Information Security
& Privacy Office
Cyber Security
Executive Order 2008-10
S850 - Encryption Technologies Standard
|
