Language Translation
  Close Menu

The IOT Information Security Framework (ISF) comprises Statewide Policies that apply to all State of Indiana Executive Branch agencies, employees, contractors, vendors, and third-party consultants. By law, the ISF is confidential information. The ISF establishes Statewide Policies to protect State of Indiana information resources and ensure compliance with additional regulations and standards. The ISF aligns with the NIST Cybersecurity Framework and NIST Special Publication 800-53 Rev. 4.


The Indiana Office of Technology (IOT) has instituted an Information Security Framework (ISF) that sets policy, establishes control objectives and controls, and describes the standards that are necessary to secure the State of Indiana’s information technology resources. The ISF is confidential by law, and IOT will only make it available to third-party entities that have (or are seeking) a business relationship with the State after such entities have agreed to the terms of the nondisclosure agreement (NDA) available below.

To obtain the ISF, please download and complete the NDA, then return the completed document to IOT via email to

* The subject line of your email must state: [Company name] Request for IOT ISF [Date of Request]
* The subject body of email must include all of the following information:

  • The name(s) of contact representatives with phone number(s) and email address(es).
  • The name of your company
  • The complete Request for Proposal (RFP) or Request for Information (RFI) number associated with your business need for the ISF.
  • The name of the State agency with which you are conducting business.
  • The name of at least one State contact representative within that agency.

IOT Security will validate your business need with the contact agency before sharing the ISF. IOT Security will not provide the ISF to your company until confirmation occurs.

Technology Standards (Vendors)

Statewide Policy Map

Use this “map” to find related policies within specific topic groups.


Links to Statewide Policies

Members of the State of Indiana network can access Policies through Archer, IOT’s governance, risk, and compliance tool, or by using the following links. To access Archer, you must login via the State VPN tool.


Exporting Policies

To export a Policy, go to the Archer Policy Portal, scroll down to the EXPORT window, click on any policy, click the export icon in the upper-right corner, and choose PDF. To access Archer, you must login via the State VPN tool. For more details on exporting a Policy, go to IOT Risk & Compliance Videos, and click on How to Export a Policy.