Policies & Standards

CORA: Colorado Open Records Requests

Pursuant to C.R.S. §24-72-205, OIT does not impose a charge for the first hour of time expended in connection with the research and retrieval of public records. After the first hour, OIT charges $25 per hour for the research and retrieval of public records. When the number of pages produced in response to a records request exceeds 25 pages, OIT will charge $0.25 per page for all documents photocopied. CORA requests made of OIT should be submitted in writing, via email, to oit_cora@state.co.us.

Policies & Standards Issued By OIT

Acceptable Use Policy (AUP)

• Acceptable Use of State Data & IT Resources, P-CISP-018 (AUP)

Credentialing/Identity Management

• Policy on the Issuance of Colorado Personal Identity Verification - Interoperable (PIV-I) Cards (OEA Policy GOV 100-00)

Data Management

• Guidelines for Information Sharing Initiatives

Financial Services

• IT Expense Approval Request
• Vendor Selection Standard for Major IT Projects, OIT-FinSvc-100

• Acquisition of IT Goods (Products) and/or Services 

• The formal processes to purchase or acquire information technology products and/or services are described here.

• Buying from State Price Agreements 
• State Price Agreements may exist that do not meet mandatory OIT standards applicable to state agencies as defined in C.R.S. 24-37.5-102(4) or that require OIT approval prior to use. State agencies are therefore cautioned to ensure that any price agreement for communication and IT (C.R.S. 24-37.5-102(2)), hardware, software, radios, communication systems/towers meets OIT standards and that necessary OIT approvals have been obtained prior to use of the Price Agreement

Governance

• Policy to Create the Colorado Architecture Review Board (CARB) (OEA Policy GOV 100-01)

Information Security

The Office of Information Security has issued the following policies, rules and standards under the authority of C.R.S. 24-37.5-401 et seq.   

CCR 1501-5: Rules in support of the Colorado Information Security Act >>.

(State Agency Cyber Security Planning)

Glossary of Terms for the below Colorado Information Security Policies (CISPs)

CISP-001: Access Control

CISP-002: Security Awareness and Training

CISP-003: Audit and Accountability

CISP-004: Security Assessment and Authorization

CISP-005: Configuration Management

CISP-006: Contingency Planning

CISP-007: Identification and Authentication

CISP-008: Incident Response

CISP-009: System Maintenance

CISP-010: Media Protection

CISP-011: Physical and Environmental Protection

CISP-012: Personnel Security

CISP-013: Risk Assessment

CISP-014: System and Services Acquisition

CISP-015: System and Communications Protection

CISP-016: System and Information Integrity

CISP-017: Security Planning 

CISP-018: Acceptable Use of State Data & IT Resources (AUP)