Skip Main Navigation
Official Nebraska Government Website
Skip Side Navigation
Standards and Guidelines Icon

NITC 8-102: Data Security Standard

Category: Security Architecture
Applicability: Applied to all public entities, and state government agencies, excluding higher education institutions
History: Adopted on September 18, 2007. Amended on March 4, 2008 (by NITC 1-103).
Attachment A: Data Security Standard Compliance Report Request Form (Adobe PDF)

1. Standard

It is the responsibility of all State of Nebraska agencies to protect all information stored in electronic form against unauthorized access.

2. Purpose and Objectives

In the normal course of business operations information is gathered, stored and transmitted in electronic form. This information is normally required to provide public services or to carry out other state business responsibilities. Information collected may be of a nature deemed confidential to the business process being carried out and as such not open to sharing with any other entity. Certain types of data may also be deemed personal information. It is the objective of this policy to provide safeguards to protect that information.

Common methods of protecting information include, but are not limited to:

  • Staff education
  • Restricted data access and usage
  • Administrative policies and procedures
  • Data encryption
  • Network encryption
  • Account authorization
  • Strong passwords
  • Biometric authentication
  • Physical security
  • Network Firewalls
  • Server hardening

3. Applicability

3.1 State Government Agencies

All State agencies, boards, and commissions are required to comply with the standard listed in Section 1.0.

4. Responsibility

4.1 NITC

The NITC shall be responsible for adopting minimum technical standards, guidelines, and architectures upon recommendation by the technical panel. (Neb. Rev. Stat. ยง 86-516(6))

4.2 State Agencies

Each state agency will be responsible for ensuring that all information stored in an electronic manner is protected with appropriate safeguards in a manner consistent with this standard and any other applicable security policies.

Each state agency will designate a data owner for each application or system who will be responsible for assigning the data classification according to the sensitivity and critic ality of the information in accordance with the NITC Security Officer Handbook, and making all decisions regarding controls, access privileges, and information management.

Each state agency is responsible for filing a Data Security Compliance Report with the Office of the CIO by October 31 of each year.

5. References