Policy 510: Security and Privacy Architectures defines the roles and responsibilities for OIT and state agencies to create and support information security and privacy architectures that support an enterprise architecture. Policy 510 addresses NIST SP800-53r4 security control PL-8: Information Security Architecture.

Policy 510 replaces legacy Policy 500: Statewide Information Systems Architecture.

Standard 510S1: Zone Architecture provides an overview of the OIT multi-zone security architecture. This architecture employs a defense-in-depth approach that places more critical and/or valuable information assets behind additional security layers making it more difficult for adversaries to overcome.

Standard 510S1 replaces legacy Standard 500S1: Network Architecture Standard. Aside from document formatting and change of title, this version is essentially unchanged.


Risks addressed in these documents include:

  • Standardizing security and privacy architectures for state agencies
  • Managing communications between systems and services
  • Ability to inspect and filter traffic between trusted and untrusted networks



View or Download:

DRAFT Policy 510: Security and Privacy Architectures

DRAFT Standard 510S1: Zone Architecture