The Maryland Department of Information Technology has issued a new Cybersecurity and Privacy Policy Suite establishing unified security standards for all executive branch agencies to strengthen protection of state systems, data, and services against increasingly sophisticated threats.

Over the next 18 months, agencies will implement modern controls based on zero trust principles requiring continuous verification to prevent unauthorized lateral movement across networks aimed at reducing statewide cyber risk and simplifying compliance. Developed by the department’s Office of Security Management in collaboration with state and local partners and informed by over 1,200 public comments, the suite is mandatory for executive agencies and recommended as guidance for local, legislative, and judicial entities.