Return to Homepage
Email This Page     |     Print This Page     |    
Comments?     |     Share This Link


Rethinking the Dynamics of the RFP Process for Improved IT Procurement
February 2014

The RFP process is multifaceted with a broad set of stakeholders including state CIOs, agency heads, state procurement officials, state procurement attorneys, private sector vendors, and many others. Taking this information into consideration, NASCIO has continually sought ways to encourage collaboration between CIOs, chief procurement officials and private IT sector vendors. As such, NASCIO identified the RFP process as one to which special attention must be paid.

Procurement: Avoiding Risky Business
September 2013

The NASCIO Procurement Modernization Committee, in partnership with TechAmerica and the National Association of State Procurement Officials, continues to focus on state IT procurement reforms and highlight best practices at the state level. This brief is the third in a series of recommendations set forth by this collaborative. The purpose of the brief is to highlight some of the strategies used to first identify, then to avoid, transfer, mitigate, and ultimately accept the risks associated with the procurement of IT products or services. Although not all risks can be identified, the goal should be to understand how much risk is associated with a specific IT procurement and what tools, processes, benchmarks, and methodologies are available to uniquely address IT procurement risks.

Is Big Data a Big Deal for State Governments? The Big Data Revolution – Impacts for State Government – Timing is Everything
August 2012

The volume and velocity of data creation is at all time high – and is accelerating. State government is a veritable data engine creating vast amounts of data from a vast number of sources. That data is being used to comply with regulations; uncover fraud, waste and abuse; and ultimately improve the lives of citizens. The sky is the limit in terms future data generation based on the growth in mobile applications, sensors, cloud services and the growing public private partnerships that must be monitored for performance and service levels, according to NASCIO’s latest in its series of issue briefs on analytics - “Is Big Data a Big Deal?”

In this issue brief, the universe of “big data” will be explored in order to:

  • Create a foundation preliminary to further description and exploration in future briefs, conference sessions and innovations forums.
  • Set common characteristics of big data versus simply lots of data.
  • Emphasize the necessity of data governance and data management within a broader state government enterprise architecture.
  • Present some early recommendations for state government regarding big data.

Leaving Performance Bonds at the Door for Improved IT Procurement
August 2012

This is the second in a series of briefs on IT procurement modernization. The brief focuses on performance bond trends for state IT projects and is intended to give an overview of how the surety market has significantly changed because of a wave of factors external to the IT industry. The amount of readily available performance bonds has become a challenge and, in some instances, bond companies have begun to require companies to partially or fully collateralize performance bonds with bank letters of credit. In order for states to lower costs and create a competitive procurement pool, states need to consider finding ways of leveraging existing protections and adjusting performance bond requirements if necessary. This brief was developed in partnership with TechAmerica and with contributions from the National Association of State Procurement Officials (NASPO).

Leveraging Enterprise Architecture for Improved IT Procurement
July 2012

This brief seeks to present an overview of how the discipline of Enterprise Architecture (EA) can be used to improve and lower costs of state IT procurement. The degree of EA maturity in states can vary as much as the very rules that govern IT procurement, but a closer look will provide guidance on alignment of these vital functions of government. As stewards of tight budgets, it is imperative that state chief information officers (CIOs), state procurement officials, and other state leaders find the best values and are accountable for IT investments. State leaders should consider the benefits of aligning IT procurement and enterprise architecture not only as a way to deliver IT services more effectively, but also as a way to find savings through streamlined investments. This brief was developed in partnership with TechAmerica and with contributions from the National Association of State Procurement Officials (NASPO).

A Golden Opportunity for Medicaid IT Transformation: State CIOs and the MITA Framework
May 2012

This is an unprecedented time for health IT in the United States, and the backbone of achieving lower costs, better health outcomes, and system interoperability relies on an enterprise view. In response to the CMS release of Medicaid Information Technology Architecture (MITA) 3.0, the NASCIO Health Care Working Group has formulated guidance to states as they navigate Medicaid IT transformation. NASCIO continues to be an advocate for enterprise solutions and view the MITA framework as a way state CIOs can decouple legacy systems and break down existing silos in state government. State CIOs grasp the importance of modernizing the Medicaid enterprise in a way that is flexible, interoperable, and takes into consideration emerging technologies like cloud computing. In addition to emphasizing conformity to the MITA vision, the report calls attention to emerging security threats in the states and the importance of protecting personally identifiable information and personal health information.

The Heart of the Matter: A Core Services Taxonomy for State IT Security Programs
October 2011

To ensure that IT security remains robust in the current difficult budget environment, the National Association of State Chief Information Officers (NASCIO) has identified a taxonomy of core, critical IT security services to facilitate the analysis of requirements, sourcing options, and costs for delivering appropriate security. For each of the twelve services that were identified, the brief includes a description, a list of the key activities associated with the service, and a list of tools that commonly support service delivery.

Sustainable Success: State CIOs and Health Information Exchange
September 2011

While NASCIO has continued to track the role of the State CIO in Health Information Exchange (HIE), the recently released issue brief highlights the importance of a sustainable public HIE. Included in the brief are best practices for creating potential revenue streams, considerations for systems development, and innovative options that may reduce maintenance and lower costs. State CIOs and state policy officials need to consider the business drivers that will ensure that revenues exceed costs to plan, implement and operate an interoperable HIE. State CIOs recognize that there is no better opportunity than now for carrying out these goals, but continued ingenuity will be imperative in ensuring a state-run HIE is independently sustainable when public grants may no longer be available.

On the Fence: IT Implications of the Health Benefit Exchanges
June 2011

Despite the contentious debate over national health care reform there seems to be one trend that has gained some degree of consensus at the state level – planning for implementation of state health benefit exchanges. The Patient Protection and Affordable Care Act (PPACA) has already provided $2.8 billion in funding to states to build benefit exchanges, expand Medicaid eligibility and continue prevention efforts. In addition to the substantial amount of funding states have already received, they will receive billions more during 2011 and beyond. The Affordable Care Act provides states with the unique opportunity to either develop and run their own exchange or default to the federal government to establish and operate the exchange. State CIOs will play varying roles in health care reform, but irrespective of their responsibilities it will be imperative to provide sound leadership and provide feedback to governors on any IT gaps that may exist during this momentous time.

DO YOU THINK? OR DO YOU KNOW? PART II: The EA Value Chain, The Strategic Intent Domain, and Principles
September 2010

Investment in business intelligence and business analytics must be driven by enterprise strategic intent. Proper leverage of analytics should start with a clear understanding of the outcomes state government is trying to achieve. This issue brief presents the rationale for analytics using the NASCIO Enterprise Architecture Value Chain as a framework for organizing the thinking and the questions which eventually drive investment in analytics capabilities. It builds on the foundational concepts discussed in NASCIO’s first issue brief on this subject, and strongly recommends an enterprise approach. Without an enterprise approach to analytics, investment across the enterprise is un-orchestrated and uncoordinated. That creates redundant investment in tools and training, and creates barriers to cross line of business collaboration. State government can not afford redundant and disconnected investment. One of the values of enterprise architecture is the management, optimization and simplification of investment within state government. Proper investment and application of analytics is essential to deploying effective and efficient government services. Finally, the level of complexity of analytical methods and tools depends on the complexity of the decisions and the issues.

Security at the Edge: Protecting Mobile Computing Devices Part II: Policies on the Use of Personally Owned Smartphones in State Government
March 2010

Due to the pervasive use of personally owned smartphones in the U.S., practical concerns have arisen around state employee requests to use these devices for state business. The potential for security incidents and data breaches is a practical concern that state CIOs and CISOs must address when establishing security standards. While these devices make the work lives of employees less complicated, and perhaps reduce state IT acquisition costs, officials must once again face the classic dilemma of balancing risks and rewards. Policies on the Use of Personally Owned Smartphones in State Government highlights the trend toward states establishing security policies and standards for connecting personally owned smartphones to government networks.

Gaining Traction on the Road to Win-Win: Limitations on Liability in State IT Contracting
March 2010

As state CIOs continue to deploy IT solutions, it is important to recognize the fiscal benefits of transforming the procurement process to meet the needs of a smaller workforce, budget constraints, and consolidation efforts. Because of current economic factors the state CIO is faced with not only budget constraints for needed IT goods and services, but also advocating for procurement reform that meets the needs of the 21st century. Gaining Traction on the Road to Win-Win presents the challenges associated with unlimited liability, and encourages the inclusion of risk management strategies for state IT contracts. The report also calls attention to the fact that state CIOs are better equipped to provide services to the state when flexible terms and conditions for procurement provisions are in place.

DO YOU THINK? OR DO YOU KNOW? Improving State Government Operations Through Business Analytics
February 2010

Business analytics provides an evidence-based approach for decision making. With the current emphasis on transparency and visibility into the operations of government, government leaders need to anticipate more questions and evaluation related to not only what decisions are being made, but also what rationale was applied in making those decisions. As stated in this issue brief, intuition alone is not adequate for evaluating alternatives and making decisions. Effective implementation of a business analytics capability will promote an enterprise-wide culture of fact-based decision making. State government is encouraged to seriously look at business analytics as a means for fully understanding current circumstances and make predictions about the future. The predictive nature is particularly important as we continue to face ongoing fiscal challenges and increasing demand for state government services.

A Call to Action for State Government: Guidance for Opening the Doors to State Data
September 2009

Transparency initiatives and websites are proliferating across government and industry globally. One aspect of the transparency trend is broader access to government data. NASCIO has published this report as initial guidance and recommendations to help state governments get started with data transparency portals. This guidance presents the value proposition along with principles and guidance on how states should move forward.

HITECH in the States: Action List for State CIOs
August 2009

In recent years, health information technology has grown from a burgeoning trend to a top policy priority for NASCIO as state CIOs from across the nation have become increasingly involved in health IT initiatives in their states. With billions of dollars now allocated to flow into health IT and health information exchange (HIE) initiatives around the country under the American Recovery and Reinvestment Act (ARRA), this trend is only poised to accelerate. HITECH in the States: Action List for State CIOs examines the impact on states—and the implications for state CIOs—of the HITECH Act (ARRA’s health IT requirements) and outlines four broad areas in which state CIOs can have an immediate, and long-term, impact in regards to HIE: Planning, Governance, Financing/Sustainability and Policy. Additionally, this brief highlights the questions that state CIOs should be asking as they work to begin exploring their role within these HIE efforts and also features the affect of the HITECH Act on the Medicaid IT Architecture (MITA) initiative.

Security at the Edge — Protecting Mobile Computing Devices
July 2009

The business of government is increasingly conducted or supported by mobile computing devices as states adopt these tools to un-tether traditional office workers from their desks or employ them for a wide variety of purposes in the field. Use of mobile devices is so widespread that it is difficult to imagine how state governments can operate without them, given their increased computing power and the ease with which they may be integrated with state networks and databases via the Internet. At the same time, however, mobile devices are unusually vulnerable to loss, theft, mis-use, or misconfiguration, which can and does lead to the loss of sensitive data. Security at the Edge highlights the risks associated with uncontrolled use of mobile devices, and targets the standards and procedural controls that allow state CIOs to better secure them.

Data Governance Part III: Frameworks – Structure for Organizing Complexity
May 2009

This issue brief presents the concept of frameworks that describes what constitutes a data governance program, with a focus on frameworks from the Data Management Association (DAMA), the Data Governance Institute (DGI), and IBM. Use of frameworks can assist state government in planning and executing on an effective data governance initiative. They assist in achieving completeness in a program. In any subject or discipline frameworks and maturity models assist in describing the scope – both breadth and depth – of an initiative. This holds true as well for data, information and knowledge management.

Desperately Seeking Security Frameworks – A Roadmap for State CIOs
March 2009

State CIOs, chief security officers, and the IT security professionals who work with them face a challenging and sometimes confusing array of security frameworks – these may be pushed down by Federal agencies, issued by national or international standards bodies, promoted by industry as best practice, or in some instances, be written into law or federal regulation. Desperately Seeking Security Frameworks provides an overview of the primary security standards, regulations, and laws that impact state IT security programs, highlights how states have used the frameworks to shape their security architectures, policies, standards, and controls, and identifies the key issues for CIOs as they establish and maintain IT security programs.

Data Governance Part II: Maturity Models – A Path to Progress
March 2009

Data governance maturity models provide a foundational reference for understanding data governance and for understanding the journey that must be anticipated and planned for achieving effective governance of data, information and knowledge assets. This report continues to build on the concepts presented in Data Governance Part I. It presents a portfolio of data governance maturity models.

Protecting the Realm: Confronting the Realities of State Data at Risk
September 2008

This brief underlines the criticality of managing states’ digital assets and identifies key, high-level elements for establishing better data security programs within states.  The brief covers data ownership and governance issues, recommends grounding data protection efforts in states’ enterprise architecture frameworks, and outlines nine primary elements that a comprehensive data protection program must incorporate or address.  It describes data classification frameworks that have been developed in both state and federal agencies, and includes summaries of operational data classification and security initiatives in the states of Ohio, Arkansas, and Iowa

The MITA Touch: State CIOs and Medicaid IT Transformation
August 2008

Medicaid transformation, and incorporating information technology into these efforts, is among the fastest-growing trends in healthcare today.  With the introduction of the federal Medicaid IT Architecture (MITA) initiative, states are beginning to assess their current Medicaid systems and explore how the MITA initiative can foster information exchange and improve healthcare quality outcomes.  This brief, a product of NASCIO’s Health IT Working Group, examines the ways in which state CIOs can play a role in the MITA effort, and how their enterprise view contributes to the holistic vision that MITA promotes across state agencies and all levels of government. 

Governance of Geospatial Resources: “Where’s the Data? Show Me” - Maximizing the Investment in State Geospatial Resources
July 2008

Geospatial resources refer to a whole discipline around managing data with a spatial orientation or component to support better decision making. Geospatial resources include a field of knowledge, people, policies, processes, standards, and technology that are not only necessary for everyday decision making but also critical for continuity of operations and disaster recovery. A new emphasis on location aware is evidenced further as State CIOs named “GIS” on their Top Ten list of Priority Technologies for 2008. Geospatial resources are so ubiquitous anymore that state government as well as citizens and industry think “where?” regarding almost every issue. This issue brief explores government’s demand for geospatial resources and offers recommendations and calls to action for the state Chief Information Officer to meet that demand.

Ready for the Challenge? State CIOs and Electronic Records: Issues, Opportunities and Best Practices
July 2008

States continue to struggle with new challenges presented by a growing portfolio of electronic records and digital content that must be preserved. Within this context, the issue of electronic records management has emerged as a high-priority policy and technology issue for State CIOs. This issue is now driven by emerging trends such as of new Web 2.0 collaboration tools that create e-records in forms that are transitory, yet still document the business of government, the vulnerability of essential e-records during disasters and a growing emphasis on transparency and accountability in state government, including online public access to records on spending, performance, procurements and contracts. This research brief underscores the need for enterprise collaboration for e-records management, provides information on fundamental concerns, outlines a framework for action and provides best practice examples from the states.

Green IT in Enterprise Practices: The Essential Role of the State CIO
May 2008

Green IT has become one of the fastest-growing trends in IT today, across all sectors and levels of government. Examining the ways in which state CIOs can become involved in shaping and promoting green IT practices and policies, this brief explores the critical role that state CIOs play in reducing their state’s carbon footprint. Featuring examples of successful green IT initiatives in state enterprise practices today, this brief highlights the many ways in which states are managing their IT hardware as well as utilizing technology to reduce their carbon footprint. With the states taking the lead in many aspects of green efforts nationwide, state CIOs have an opportunity to move the green benefits of an initiative to the forefront of strategic thinking and project planning, and this brief provides several starting points from which state CIOs can begin on the path to incorporate green IT efforts into their enterprise practices.

Data Governance - Managing Information As An Enterprise Asset: Part I - An Introduction
April 2008

Data governance entails a universe of concepts, principles, and tools intended to enable appropriate management and use of the state’s investment in information.  Part I on data governance presents an introduction that describes the basic concepts.  Governance, and particularly data governance, is an evolutionary process.  It begins with an understanding of the current investment and then manages that investment toward greater value for the state.

The Workforce Evolution: Recruiting and Retaining State IT Employees
April 2008

An upcoming shortage of state IT government workers is predicted by many to be evident and quickly approaching.  As the state IT workforce begins to face the challenges of a potential worker shortage, and as it evolves to reflect the modern workforce of the future, employee recruitment and retention tactics must be examined in order to attract and retain top IT talent.  A product of NASCIO’s State IT Workforce Working Group, this brief focuses on these recruitment and retention tactics for state CIOs by examining traditional and innovative recruitment strategies, successful retention initiatives and state best practices in each of these areas.  By taking steps to augment a potential state IT worker shortage, state CIOs will be better prepared to face these challenges as they arise.

IT Governance and Business Outcomes – A Shared Responsibility between IT and Business Leadership
March 2008

IT Governance is all about ensuring that state government is effectively using information technology in all government lines of business. This requires that the decision rights for IT investments and deployment are properly shared between the business and IT functions within state government. This issue brief provides an introduction to this very broad topic.

The Search Is On: State CIO Starting Points for E-Discovery
November 2007

In its September 2007 Issue Brief entitled “Seek and Ye Shall Find? State CIOs Must Prepare Now for E-Discovery!”, NASCIO raised the importance of State CIO involvement in e-discovery and the need for collaborative state electronic records management activities to properly address e-discovery requests. In this follow-up Research Brief, NASCIO provides starting points for State CIOs to improve the state’s ability to successfully address legal requests for electronic information.

Topics include:

  • Getting Started on Electronic Records Management
  • Managing an Electronic Records Management Initiative
  • The Role of Records Retention Schedules · The Challenge of Retrieving Electronic Information
  • Electronic Records Management Training and Awareness for State Employees

Connecting State and Local Government: Collaboration through Trust and Leadership
November 2007

Citizen demand for efficient government often drives state agencies to seek out opportunities to deliver traditional services in non-traditional ways. Engaging in cross-boundary collaboration can be a way for states to leverage costs while providing citizens with streamlined services. Such collaboration is inevitable for state CIOs and this brief, a product of NASCIO’s Cross-Boundary Collaboration Committee, explores the unique challenges and opportunities of cross-boundary collaboration between state and local government entities. Highlighting successful examples of state-local collaborations already underway, this brief features the governance and financial models that were utilized for these collaborations. In addition, this brief examines the unique challenges facing state-local challenges and explores the ways in which states and localities can work together to achieve success and to lay the groundwork for future collaborative efforts.

Pandemic Planning and Response for State IT: Where’s My Staff?
November 2007

Without the flow of electronic information, government comes to a standstill. When a state’s data systems and communication networks are disrupted, the problem can be serious and the impact farreaching. The consequences can be much more than an inconvenience. Serious disruptions to a state’s IT systems can lead to public distrust, chaos, fear and potential loss of life. Traditionally, IT disruptions are planned for based on anticipated disasters both natural and manmade that can physically damage facilities and equipment. However, we live in a time that holds the potential for a pandemic outbreak in your city, state or possibly the nation. What would you do as state chief information officer (CIO) if one day your staff did not come to the office because of a pandemic outbreak?

Seek and Ye Shall Find? State CIOs Must Prepare Now for E-Discovery
September 2007

In increasingly consolidated state technology environments, State CIOs may have heightened responsibility for the storage, preservation and retrieval of electronic information in response to e-discovery requests. Since government information is a knowledge asset, State CIOs must ensure the proper management of state information assets in addition to the technological infrastructure for locating and retrieving that information. This issue brief explains the impact for State CIOs of e-discovery requests and encourages State CIOs to pursue a holistic approach to enterprise records management as part of a team of state government stakeholders, including state legal counsel, archivists, records managers, and agency business leaders.

IT Security Awareness and Training: Changing the Culture of State Government
August 2007

Most state government employees use technology to do their daily work, yet they may not realize the dramatic consequences that can flow from one mistake. As data breaches and security incidents that originate from within state government appear to be on the rise, cultural change is needed. All state employees need to understand that IT security is everyone’s job and understand how to use the state’s IT resources in a way that does not create the risk of a security incident. NASCIO’s Research Brief, "IT Security Awareness and Training: Changing the Culture of State Government" , highlights awareness and training activities that State CIOs can implement to avoid internal threats that can lead to a full-on state government crisis. To assist CIOs in pursuing these efforts, this brief includes many examples of awareness and training activities that are currently taking place with the states. This brief is a product of NASCIO’s Information Security and Privacy Committee.

On the Road to RHIO: What State CIOs Need to Know
July 2007

A product of NASCIO’s Health IT Working Group, this brief examines the ways in which state CIOs can be involved in RHIO efforts in their states and emphasizes the importance for state CIOs to be aware of developments in health information exchange. It also explores the opportunities and challenges that all RHIOs face, despite the unique characteristics they each hold, and features real-world examples of how state CIOs are already involved in their state’s RHIO efforts.

Electronic Records Management and Digital Preservation: Protecting the Knowledge Assets of the State Government Enterprise
PART II: Economic, Legal, and Organizational Issues

July 2007

NASCIO continues its series on electronic records management and digital preservation with Part II which focuses on economic, legal, and organizational issues and recommended actions for State CIOs.  Part II builds on the theme that the state CIO and the state enterprise architect will need to view electronic records management and digital preservation as disciplines that comprise an enterprise architecture domain.  Partnering with the state’s archivists, librarians, and records managers to fully leverage their expertise will help ensure the state’s knowledge assets are managed for value with a long term view.  eDiscovery and offshoring present significant challenges to the state enterprise.  CIOs will need to build their awareness of these subject areas and author necessary compliance and risk management strategies.

Electronic Records Management and Digital Preservation: Protecting the Knowledge Assets of the State Government Enterprise
PART I: Background, Principles and Action for State CIOs

May 2007

Electronic records management and digital preservation are necessary disciplines for managing the knowledge assets of the enterprise. Attention to these disciplines must be part of every IT investment decision. The lifecycle of "born digital" is presented with emphasis on the decision making process at each major phase. The series will present the current issues and recommendations for action. This first release in this series deals with the principles of records management, and highlights the most significant challenges facing the states.

Getting Started in Cross-Boundary Collaboration: What State CIOs Need to Know
May 2007

State agencies are increasingly crossing organizational boundaries and combining resources in order to achieve joint goals, produce innovation and serve citizens. This brief examines the drivers behind cross-boundary collaboration and outlines the top ten considerations for state CIOs at the outset of collaboration. This brief not only illustrates why state CIOs should consider cross-boundary collaboration and how collaboration begins, but also identifies various types of collaboration, and provides tangible success stories and lessons learned.

Insider Security Threats: State CIOs Take Action Now!
April 2007

This brief examines the often overlooked threats from within. Media attention has focused primarily on external threats with federal government and industry reports revealing alarming hacking and identity theft statistics. However, threats from within both public and private sector organizations may be even more prevalent than external threats and can have equally if not more serious consequences.

This brief discusses five significant insider threats and provides insight on ways to prevent, detect and respond to them. The threats are as follows:

  • Malicious Employees
  • Inattentive, Complacent or Untrained Employees
  • Contractors and Outsourced Services
  • Insufficient IT Security Compliance, Oversight, Authority and Training
  • Pervasive Computing-Technology is Everywhere and Data is on the Move

Harmony Helps: A Progress Report on State Government Internet Presence
March 2007

This brief explores how state web portals have matured and examines the impact of the 2003 expansion of the dot-gov domain to state and local governments; trends in state portal domain naming conventions;  trends in Internet portal branding and marketing; the alignment of agency websites and state email addressing with the state portal; areas of cross-boundary collaboration for online services; and areas for future progress in cross-boundary collaboration for online services.

The New and Improved DST: Are You Ready?
February 2007

This issue brief calls attention to the change in Daylight Savings Time in 2007, as a provision of the United States Energy Policy Act of 2005, and gives pointers to state CIO’s about how the change may affect their applications and systems.

Staying Connected to Your Customers: Strategies and Tactics to Grow Enterprise IT Services
December 2006

This brief covers the topic of utilizing CRM strategies and tactics to sustain and grow relationships with agencies once the CIO has established buy-in for consolidated and shared enterprise services.

Relationships Matter: Customer Service Strategies to Promote Enterprise Services
October 2006

This brief provides an overview of the challenges state CIOs face when promoting enterprise services under statewide IT consolidation and shared services initiatives. The brief also identifies methods for achieving strategic initiatives using proven customer service strategies and examines the types of business processes used to successfully launch and promote consolidation and shared enterprise services.

Keeping the Citizen Trust: What a State CIO Can Do To Protect Privacy
October 2006

This Research Brief examines how privacy in the state government context has evolved as a defining issue in response to rapidly changing technological advances and the complexities of a fast-paced world. The brief then explores some initial areas in which a state CIO may encounter privacy issues, including in the context of IT governance, enterprise architecture, policy, security and business processes, and offers some potential ways of addressing those issues.

Bowling for Broadband 2: Toward Citizen-Centric, Broadband-Based E-Government
August 2006

This brief highlights the continued evolution of the broadband environment and the need for states to understand both the enhanced public service opportunities and citizen expectations of high-speed Internet access.

Born of Necessity: The CISO Evolution--Bringing the Technical and the Policy Together
July 2006

This brief examines the role of the state Chief Information Security Officer (CISO) as it has evolved in response to the growing complexities of the IT threat environment, homeland security concerns, and the increasing demands for enhanced citizen services. Specific points this brief addresses include critical success factors for state CISOs, the importance of a CISO’s relationship-building across the state and among levels of government, and a few predictions on the future evolution of the state CISO.

Keys to Collaboration: Building Effective Public-Private Partnerships
June 2006

This research brief explores the role of public-private partnerships in the increasingly technology-driven public sector. It also provides a look at best practices and building blocks for successful public-private partnerships.

Service Oriented Architecture: An Enabler of the Agile Enterprise
May 2006

This brief identifies what state CIOs need to know now regarding Service Oriented Architecture (SOA), including its business value, the vision for SOA, SOA governance, SOA as a program and SOA security.

The IT Security Business Case: Sustainable Funding to Manage the Risks
May 2006

This brief takes a holistic approach to constructing the case for enterprise IT security investment by outlining for the state CIOs the following steps:

  • Understanding state government’s IT environment that drives the need for security
  • Starting with an enterprise-wide IT risk assessment
  • Making the case for IT security through demonstrating the risks (bolstered by the IT risk assessment results), the benefits of security, and how security aligns with the state’s business needs.

IT Consolidation and Shared Services: States Seeking Economies of Scale
March 2006

A National Framework for Collaborative Information Exchange: What is NIEM?
March 2006

The NIEM initiative is in its beginning stages but is already anticipated to be a major breakthrough initiative, which will have a tremendous impact on how government interoperates with the intention of making possible the communication among government lines of business at all levels of government.

This brief both summarizes the intention of this national initiative and provides guidance on participation in this effort.

The (IT) Doctor is In: The Role of the State CIO in Health IT
February 2006

The brief is intended to help state CIOs—along with other stakeholders and policymakers—determine the appropriate role of the state CIO in guiding their states’ enterprise IT in keeping with the larger national effort to save lives and money in healthcare.

We Need to Talk: Governance Models to Advance Communications Interoperability
November 2005

This research brief provides an overview of the challenges states face in developing communications interoperability initiatives and also attempts to answer questions such as, "What needs to be addressed when contemplating a communications interoperability initiative; and what is being done at the state and federal levels to develop communications interoperability governance models?" It includes other factors that are impacting governance in interoperability and offers references to models that have been successfully completed by other states.

IT Procurement and Enterprise Architecture: Recognizing the Mutual Benefits
October 2005

This brief highlights the benefits of a closer alignment between IT Procurement and Enterprise Architecture (EA), which includes improving and streamlining IT investment decisions in a way that supports the state’s overall strategic goals and intent. It also identifies “touchpoints” at which these two disciplines can establish stronger ties and concludes with recommendations on how states can start down the path to greater EA-IT Procurement alignment.

NASCIO Enterprise Architecture Business Case Summary
October 2005

NASCIO has collected success stories from a variety of sources including its various awards programs. NASCIO members have found that success stories provide an invaluable dimension of the underlying analysis when presenting the business case for EA related projects. These are now being made available to the greater NASCIO community to provide anecdotal information for developing a strong business case for EA. Much can be learned from these experiences and the reader is encouraged to contact the original source for any additional information or comment regarding those success stories that are most relevant.

The Year of Working Dangerously: The Privacy Implications of Wireless in the State Workplace—Part II
September 2005

Part II of this brief provides privacy policy and security measures to help states address the potential privacy implications of wireless technologies identified in Part I.

The Year of Working Dangerously: The Privacy Implications of Wireless in the State Workplace—Part I
August 2005

Part I identifies the privacy implications of wireless technologies in the state workplace, including the privacy implications of mobile technologies such as laptop computers, PDAs and other similar devices.

Enterprise Repositories Issue Brief
August 2005

NASCIO has identified the need for a repository for sharing a variety of enterprise artifacts, presentations, and white papers across the NASCIO community. is the preferred repository for meeting the needs of state and territorial government. This research brief describes the issues, constraints, options and recommendations.

IT Management Frameworks: A Foundation for Success
August 2005

NASCIO’s IT Governance & Service Reform Committee is proud to present IT Management Frameworks: A Foundation for Success. This research brief provides an overview of four successful IT Management frameworks that can improve investment decisions, accountability, and management of IT organizations. These successful frameworks represent a variety of management approaches that emphasize the different disciplines of investment management, service oriented management, and line of business or process management. They include the North Carolina Framework for Managing IT Investments; the Government Accountability Office IT Investment Management Framework; the IT Infrastructure Library; and, the Federal Business Reference Model.

Connecting the Silos: Using Governance Models to Achieve Data Integration
June 2005

NASCIO’s Interoperability & Integration Committee is proud to present Connecting the Silos: Using Governance Models to Achieve Data Integration. This research brief attempts to answer questions such as, “What needs to be addressed when contemplating an information integration initiative, and what is being done in the states and at the federal level to develop information integration governance models?” It also includes other factors that are impacting governance in integration and offers references to models that have been successfully completed by other states and links to resources on information sharing. The committee is currently exploring the following topics for future briefs: Interoperability Governance; Legal Ownership of Shared Data; Data Standards; Master name Indices; and Integration Maturity Models.

TLK2UL8R: The Privacy Implications of Instant and Text Messaging Technologies in State Government
May 2005

This brief explores the privacy implications of Instant Messaging (IM) applications—both consumer and enterprise-grade—in the context of the state workplace. It also addresses the privacy implications of text messaging and chat technologies.

Getting What You Need on the Way to the Win-Win! Leveraging the RFP in State Technology Procurements
May 2005

This publication was co-produced by NASCIO and NASPO (National Association of State Procurement Officials). This brief provides a broad view of how a variety of stakeholders can use the RFP (Request for Proposal) process to the state’s and the citizens’ benefit.

Negotiating IP on the Way to the Win-Win: NASCIO’s Intellectual Property Recommendations
March 2005

These recommendations seek to identify state and contractor interests regarding the ownership of IP and suggest realistic considerations to help make the negotiation of IP rights easier and more successful for all involved.

Welcome to the Jungle: The State Privacy Implications of Spam, Phishing and Spyware
February 2005

This brief explores the privacy implications for state government created by the threats of spam, phishing and spyware and potential ways of preventing and mitigating this triple threat to state IT systems.

The Real Phantom Menace: Spyware and its State Implications
January 2005

This brief addresses the security, privacy, citizen trust and business process-related implications of spyware and other forms of malware for state government IT systems and suggests some potential technical, legal and awareness-raising solutions for the menace of malware.

Who Are You? I Really Wanna Know: E-Authentication and its Privacy Implications
December 2004

This brief explores the business drivers behind e-authentication and the privacy implications that states and others should consider in pursuing e-authentication efforts.

Bowling for Broadband: The Role of the State CIO in Promoting High-Speed Internet Access
September 2004

Think Before You Dig: The Privacy Implications of Data Mining & Aggregation
September 2004

This brief examines the business benefits and privacy issues related to government’s use of data-mining technologies. It also takes a look at high-profile government data-mining programs and suggests ways to infuse privacy protections and transparency into government’s use of data-mining technologies.

Walking the Road to the Win-Win: NASCIO Procurement Subcommittee’s Recommendations on Liability Limitations for State IT Contracting
September 2004

These recommendations are intended to elucidate the various state and vendor interests that are involved in negotiating liability limitations and to help states and vendors negotiate better IT contract liability limitations that are “win-win” for both sides.

HAVA (the Help America Vote Act 2002)—A Briefing Paper
April 2004

This briefing paper provides an overview of the Help America Vote Act of 2002 (HAVA) and explores its IT-related challenges as well as NASCIO’s role in helping states to implement the Act.

Proposed GSA Rule: New Policy on the .gov Domain
May 2002

This brief provides an overview of the Proposed Rule promulgated by the U.S. General Services Administration (GSA) that made the .gov Top-Level Internet domain available for states, local governments and Native Sovereign Nations to register domain names for their official government websites.


National Information Exchange Model NASCIO Awards Archive State IT Workforce: Under Pressure