Governance Instruments

Governance Instruments

Policies

Digital Information Security Policies establish accountability and responsibility for university cybersecurity objectives, and the authority to act on behalf of the University in response cybersecurity incidents and breaches, and to observed, known, or suspected cases of non-compliance with the policies and standards.  

Enterprise Standards

Enterprise Standards establish a standards approach for selecting and implementing mitigating technical, physical, and administrative safeguards. Enterprise Standards are structured using the NIST SP 800-53 Security and Privacy control catalogue as a guide.

Guidelines

Guidelines are technical and procedural documents that recommend actions to reduce management of information and information security risk and to comply with Policies and Enterprise Standards. 

Procedures

Standard Operating Procedures provide a consistent approach to delivering on common requests.

Acceptable Use Agreements

Acceptable use agreements establish expectations of community members and guests for the appropriate and acceptable use of digital resources provided by, or on behalf of the University.