“Executive Order N-04-19,” Executive Department State of California, last modified January 9, 2019, https://www.gov.ca.gov/wp-content/uploads/2019/01/1.8.19-EO-N-04-19.pdf.

See “Procurement: Avoiding Risky Business,” National Association of Chief Information Officers, last modified September 4, 2013, https://www.nascio.org/resource-center/resources/procurement_avoiding_risky_business/.

Stakeholders, as used in this chapter, means anyone who is involved in or affected by a course of action. Since IT within a public entity affects so many—citizens, user and user agencies, suppliers, media, legislative bodies, government executive leadership such as governors and mayors, public procurement personnel, and public IT personnel, to name some of those affected, this chapter uses the term stakeholder to encompass all of whom rely on or who are touched by a state or local government’s I

See “Procurement: Avoiding Risky Business,” National Association of Chief Information Officers.

“What’s the Difference Between Cybersecurity and Information Security?” The University of Alabama at Birmingham, accessed May 2, 2023, https://businessdegrees.uab.edu/blog/whats-the-difference-between-cybersecurity-and-information-security/#:~:text=As%20defined%20by%20the%20U.S.,%2C%20and%20availability%20of%20information.%E2%80%9D.

“Glossary,” National Institute of Standards and Technology, accessed February 22, 2023, https://csrc.nist.gov/glossary/term/spyware.

“What is Cybersecurity?” CompTIA, accessed February 22, 2023, https://www.comptia.org/content/articles/what-is-cybersecurity

“What is Cybersecurity?” CompTIA.

Cliff Nilson (CPO Florida), Risk Is Inevitable presentation, presentation (2022).

“Who We Are,” StateRAMP, accessed February 22, 2023, https://stateramp.org/.

“StateRAMP Frequently Asked Questions,” StateRAMP, accessed February 22, 2023, https://stateramp.org/faqs/.

“Buyer Be Aware: Integrating Cybersecurity into the Acquisition Process,” Center for Internet Security, NASCIO and NASPO, last modified May 2021, https://cdn.naspo.org/R&I%20Content%20Library/Buyer%20Be%20Aware_%20Integrating%20Cybersecurity%20into%20the%20Acquisition%20Process.pdf.

“Cybersecurity Considerations for Procurement,” Federal Energy Management Program, accessed February 22, 2023, https://www.energy.gov/eere/femp/cybersecurity-considerations-procurement.

Bernard Golden, “What Gartner’s Bimodal IT Model Means to Enterprise CIOs,” CIO, last modified January 27, 2015, https://www.cio.com/article/251139/what-gartner-s-bimodal-it-model-means-to-enterprise-cios.html.

A Maintenance Management Information System is a mechanized claims processing and information retrieval system for Medicaid that is required by the federal government.

“Modular Procurement: A Primer,” NASPO, last modified September 2023, https://cdn.naspo.org/R&I%20Content%20Library/Modular%20Procurement_%20A%20Primer_2023.pdf.

“Procurement Policies,” Virginia IT Agency, accessed February 22, 2023, https://www.vita.virginia.gov/supply-chain/scm-policies-forms/.

“Designing for Agility: Advancing IT and Procurement Modernization,” NASCIO and NASPO, last modified May 2023, https://cdn.naspo.org/R&I%20Content%20Library/Designing%20for%20Agility_%20Advancing%20IT%20and%20Procurement%20Modernization.pdf.

“What is the Difference Between a Pilot Project and a Trial Implementation?” KAI Partners, last modified April 19, 2017, https://kaipartners.com/difference-pilot-project-trial-implementation/.

“George Cronin Awards for Procurement Excellence,” NASPO, accessed February 22, 2023, https://www.naspo.org/awards/george-cronin-awards/.

“Tech Next: Leasing vs. Owning Hardware and Software,” NASPO, last modified September 2023, https://cdn.naspo.org/R&I%20Content%20Library/2023_TechNext_LeasingVsOwing.pdf.

A comprehensive total cost of ownership analysis is defined in Chapter 15, Sustainable Procurement.

“A virtual private network (VPN) is a technology that creates a safe and encrypted connection over a less secure network, such as the internet.” Alexander Gillis, “What is a VPN,” Tech Target Network, last modified September 2021, https://searchnetworking.techtarget.com/definition/virtual-private-network.

Scalability “is the ability of a computer application or product (hardware or software) to continue to function well when it (or its context) is changed in size or volume in order to meet a user need. Typically, the rescaling is to a larger size or volume.” “Scalability,” Tech Target Network, last modified June 2021, https://searchdatacenter.techtarget.com/definition/scalability.

See Federal Government’s Cloud First Policy, “Federal Cloud Computing Strategy,” Office of the Chief Federal Information Officer, accessed February 22, 2023, https://www.whitehouse.gov/wp-content/uploads/2019/06/Cloud-Strategy.pdf.

Sarbanes-Oxley Act, Pub. L. No. 104-204 §116 Stat. 745 (2002).

“Information and Resources,” State of California Office of Systems Integration, accessed February 22, 2023, https://www.osi.ca.gov/Information_and_Resources.html.

“DoIT Independent Verification and Validation (IV&V) Master Contract,” Maryland Department of Information Technology, accessed February 22, 2023, https://doit.maryland.gov/epmo/Pages/MITDP/ivv.aspx.