{"id":193538,"date":"2026-03-06T17:45:00","date_gmt":"2026-03-06T22:45:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/03\/06\/marylands-new-cyber-policy-aims-to-build-trust\/"},"modified":"2026-03-06T18:45:12","modified_gmt":"2026-03-06T23:45:12","slug":"marylands-new-cyber-policy-aims-to-build-trust","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/03\/06\/marylands-new-cyber-policy-aims-to-build-trust\/","title":{"rendered":"Maryland\u2019s New Cyber Policy Aims to Build Trust"},"content":{"rendered":"<p><a href=\"https:\/\/www.govtech.com\/security\/marylands-new-cyber-policy-aims-to-build-trust\">Maryland\u2019s New Cyber Policy Aims to Build Trust<\/a><\/p>\n<p><a href=\"https:\/\/www.govtech.com\/security\/marylands-new-cyber-policy-aims-to-build-trust\">https:\/\/www.govtech.com\/security\/marylands-new-cyber-policy-aims-to-build-trust<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-03-06 17:45:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.govtech.com\">www.govtech.com<\/a><\/p>\n<p>Author: <a href=\"\"><\/a><\/p>\n<p> Using an unordered list, summarize the following article with between 4 and 8 key points. <\/p>\n<p>                                    Maryland is working to improve its cybersecurity with new policies and plans, including efforts to better collaborate with internal state agencies.The state\u2019s central IT shop recently released a 31\u2011module, zero-trust framework that 22 Cabinet agencies are slated to adopt over the next year and a half. State technology leaders said that trust, transparency, ease of use and collaboration were considerations when building out the policies, which also support timeliness, flexibility, security and compliance.Chief Information Security Officer James Saunders, who joined the state in 2025 while the policy work was in progress, said Maryland previously had a 200-plus page document that dated back to June 2019. The refreshed governance is not only timely, he said, but it can be used as a model by others. In all, Maryland encompasses about 78 independent agencies, about 40 boards and commissions, 24 counties, and more than 150 towns and cities.\u00a0\u201cSo much has changed in cybersecurity \u2026 in privacy, just in that six-, seven-year window,\u201d Saunders said. \u201cIt was highly necessary for us to update and refresh the guidance [for] our state agency partners, as well as it being a signal to our local government partners, who can utilize the policy suite as an example to guide their specific organizations.\u201d\u2018ARCHITECTURE OF TRUST\u2019\u201cPolicy isn\u2019t just paperwork. It\u2019s the architecture of trust,\u201d said Miheer Khona, the state\u2019s director of governance, risk and compliance. He also noted that there was a significant level of collaboration on this project, and that people tapped into expertise, agency missions and vantage points to help build a relevant and applicable policy suite.While considering this feedback, the suite reflects a shift to zero-trust architecture, emphasizing continuous verification and data-centric security rather than perimeter defenses. The suite is aligned to the National Institute of Standards and Technology (NIST) Cybersecurity Framework 2.0 and NIST 800-53 Rev. 5, introducing changes including stronger authentication standards, faster incident reporting requirements, and expanded vulnerability management and security training practices.\u00a0Saunders said it sets appropriately high expectations. \u201cWe want people to know and to see this is our ideal state for protecting the systems that provide [resident services],\u201d he said. \u201cI wanted to make it extremely clear that we\u2019re leaning into zero trust. \u2026 It is one of the best ways, from an architectural perspective, to minimize the impact of cyber attacks and breaches.\u201dThe policy addresses a wide spectrum of concerns including data protection, privacy regulations and the people who interact with technology systems across the state ecosystem.\u201cI think that looking at privacy as being very foundational, because privacy is a right,\u201d said Chief Privacy Officer Caterina Pangilinan. \u201cWhen it comes down to it, it\u2019s ensuring that our residents understand that we are here to protect their privacy. We might, if we are transparent about how we use their data, let them know that we were only going to use their data for the stated purposes for which they\u2019ve given it. That\u2019s what these standards and procedure are all about.\u201dEASE OF USEThe documentation is structured in three levels \u2014 a 100-level overview, 200-level policies and 300-level technical standards \u2014 for a total of 31 modules. This modular design allows updates to be made without revising the entire framework. For example, the Acceptable Use Policy outlines expectations for how employees log into systems, store passwords and use social media on state-issued devices. Meanwhile, the Access Control Standard details technical and operational requirements for managing system and data access at a granular level.\u201cThe framework essentially utilizes this peered structure that cascades from strategic governance policies to tactical implementation standards; it ensures high-level missions are translated into actionable agency-level procedures,\u201d Khona said. \u201cIt\u2019s about enabling and allowing people to understand what cybersecurity and privacy requirements are at their level of perspective.\u201dPACING CHANGEThe state\u2019s IT department has made multiple changes over the past years to enhance cybersecurity. It spearheaded the consolidation of disparate Active Directory domains from various agencies and hired 15 information security officers to assist state agencies. Within the last year, Saunders said they have also added a statewide vulnerability disclosure program, expanded the Maryland Information Sharing and Analysis Center, and added several new working groups.\u201cThat\u2019s a lot of change in a really short time,\u201d Saunders said. \u201cI have to remind myself: Pace yourself. This is a half-marathon, not a 5K and you\u2019ve got to let some of these changes settle before you\u2019re on to the next.\u201d<\/p>\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Maryland\u2019s New Cyber Policy Aims to Build Trust https:\/\/www.govtech.com\/security\/marylands-new-cyber-policy-aims-to-build-trust Publish Date: 2026-03-06 17:45:00 Source Domain:&#8230;<\/p>\n","protected":false},"author":1,"featured_media":193539,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/erepublic.brightspotcdn.com\/dims4\/default\/9ce1bf3\/2147483647\/strip\/true\/crop\/4846x2356+0+0\/resize\/1440x700!\/quality\/90\/?url=http%3A%2F%2Ferepublic-brightspot.s3.us-west-2.amazonaws.com%2Fe3%2F8d%2Fc03222be48afa79bb2cfce67719c%2Fmaryland-statehouse-view.png","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24,27],"class_list":["post-193538","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/193538"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=193538"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/193538\/revisions"}],"predecessor-version":[{"id":193540,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/193538\/revisions\/193540"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/193539"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=193538"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=193538"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=193538"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}