Colorado and StateRAMP


Colorado's Office of Information Technology (OIT) is responsible for establishing, maintaining, overseeing, and enforcing the IT standards to which state agencies are accountable. OIT also oversees statewide IT strategy, rates and services, broadband, cybersecurity, and data accessibility to ensure alignment with established state standards and policies. Through its authority, the Colorado OIT develops standards for project management, including risk and change management, and evaluates all IT projects for alignment with state standards, architecture and best practices. State agencies undertaking major IT projects must work closely with OIT, prior to commencing the project, to develop the project plan and obtain approval from OIT.

Colorado's Chief Information Security Officer (CISO) functions within OIT to ensure that the information Coloradans have entrusted to public agencies is safe, secure and protected from unauthorized access, unauthorized use or destruction. The CISO is responsible for:
  • Developing and updating the IT security standards, policies, guidelines and rules to which public agencies are accountable.
  • Ensuring that established security standards are incorporated into the IT security plans developed by public agencies and that agencies are in compliance with those standards.
  • Taking the necessary steps to resolve security incidents, including temporarily suspending the operation of a public agency’s communication and information resources.
  • Directing IT security audits, establishing and directing a risk management process to identify security risks and deploying mitigation strategies.