|
Encryption Readiness Notice of Intent (NOI)
Introduction
HB 2785, Section 23
of the 2007 legislature required that on or before September 30, 2007, the
Government Information Technology Agency (GITA) issue a Request for
Proposals (RFP) to contract for solutions to encrypt stored data for all
state agencies that maintain more than ten thousand records and contain
“Personal Information,” as defined by the bill. The bill further directs
GITA to supervise the implementation of encryptions that result from this
process. This NOI is the interface between GITA and State agencies in
fulfillment of the legislative requirement.
Agencies must follow the process below when implementing an encryption
solution:
1. Each agency will respond to the questions on the Encryption Readiness
NOI form (prior to submittal, please complete due diligence on
addressing Terms & Conditions and indemnification clauses that limit
liability and damages on proposed usage of freeware product/services
with State Procurement under Arizona Procurement Code §A.R.S. 41-2501) and submit the
signed form to GITA electronically as an attachment to
encryptNOI@azgita.gov or
by mail at the address listed on this page. GITA will review the form
within 30 days.
2. GITA/SISPO will review the information on the submitted NOI for
appropriateness of the agency’s proposed encryption solution(s) and
evaluate whether the agency’s encryption initiative aligns with their
readiness level and complies with statewide IT policies, standards and
best practices.
3. Within 30 days, the State CIO shall issues a letter of approval
providing the conditions above are satisfactorily demonstrated and it is
determined that the proposed encryption solution is in the best interest
of the submitting agency and the State.
5. Upon successfully implementing their encryption solution, the agency
will submit a letter of completion to GITA/SISPO.
6. Each submitting agency shall download the newest NOI form found on
this web site each time an NOI is submitted.
NOTE: A NOI must be completed and approved for any and all encryption
solutions under consideration by the state, prior to purchase and/or
installation, regardless of vendor. The NOI is not a substitution
for a PIJ. Should a project being considered require encryption, the
completed and approved NOI can be used as justification on the associated
PIJ.
|
Sherri Eshkibok
602-364-4779
Jim Ryan
602-364-4771
Government Information Technology Agency
Attn: Encryption NOI
100 N. 15th Ave, Ste 440
Phoenix, AZ 85007
Notice of Intent (NOI)
Statewide Information Security
& Privacy Office
Cyber Security
Executive Order 2008-10
S850 - Encryption Technologies Standard
|
