Official State of Iowa Website Here is how you know
Iowa Department of Management
Home » Web Content Management System Standard

Web Content Management System Standard

Revised December 1, 2015

Originally Adopted December 12, 2011

This standard establishes requirements for participating agencies, except for those agencies exempted under Iowa Code 8A.201 (4}, to use a common website content management system.

The State of Iowa uses content management systems to manage government information and share the information with the public via the Internet. The Website Standardization Committee that was formed by Executive Order 73 has decided that agencies shall use either of the following Web Content Management Systems:

  • Drupal
  • DNN (formerly referred to as DotNetNuke)

The scope of this standard is to direct the use of the web content management systems listed above. This standard applies to all participating agencies as defined by Iowa Code 8A.201. Non-participating agencies are encouraged to follow the guidelines in this and other enterprise level policies, standards, guidelines, processes and procedures.

Selected terms used in Enterprise Content Management System Standard are defined below:

Content Management System: is a software system that provides website authoring, collaboration, and administration tools designed to enable an organization to seamlessly create, edit, review and publish electronic text to the web.

Agency: Means participating agencies as defined by Iowa Code 8A.201

Elements of Enterprise Content Management System Standard

  1. Participating agencies are required to use Drupal and/or DNN content management system frameworks for external website development and content management.

  1. Assessments. The Office of the Chief Information Officer will periodically survey agencies to determine that agencies are using Drupal and/or DNN frameworks for website development. If violations of this standard are identified, the agency will receive written notification from the State CIO and be expected to appear at the next regularly scheduled standards meeting to present their business case reason(s) for deviating from standards.

  2. Security

3.3.1 Secure Https: All public facing sites will be encrypted https: sites.

3.3.2 Spam Protection: All fillable web forms must have some type of spam protection either with Captcha, Honeypot or other type of protection.

​3.3.3 Test Environment: All websites must have a test environment independent of the production environment for the purposes of testing system enhancements and updates and for security scans.

  1. Modules.  Core code shall not be edited under any circumstance.  Core or Platform modules shall not be edited unless permission is granted from the Office of the Chief Information Officer (OCIO) and the modified module is maintained as a branch in the OCIO code repository. Modules must be in a stable state and actively maintained. Stable is defined as not in a development, alpha, beta or release candidate status.  Actively maintained is defined as updated in the last 24 months and available at or  Agencies must contact  to request use of a non-stable module.

This standard is in effect until revised or rescinded and will be reviewed no less than every two years.

Effective Date

Agencies are required to begin developing and updating websites using the prescribed Content Management System frameworks effective immediately. Agencies must be in compliance with this standard no later than December 1, 2016.

This standard will be enforced pursuant to Iowa Administrative Code 11 -25.9 (8A).

A wavier may be submitted to the State’s Chief Information Officer as defined in Iowa Code 8B.21.5. Requests for a variance from any of the requirements of this policy will be submitted in writing to the State CIO.

Printed from the website on December 03, 2023 at 12:25pm.