Information Security Controls provide implementation information for each standard at various risk levels. The controls could be interpreted as a “how-to” version of the standards.Aa coding scheme makes it easy to cross-reference between the documents. To better guide prioritization efforts, the detailed controls are specified according to the level of data being protected, as defined by the Data Management Policy.

We will continue to develop job aids in the form of documentation (procedures, checklists, templates) and software tools to support implementation of standards and controls. 

The standards are listed below with links to the individual control documents. You must be a member of the campus community to access them and will be prompted to login.

Management Controls Index
MGT01 – Information Risk Management (P1)
MGT02 – Information Security Management (P2)
MGT03 – Compliance Management (P1)
MGT04 – Business Continuity Management (P3)

Legal Risk
LEG01 – Legal & Regulatory Compliance (P2)

Business Risk
BUS01 – Financial Systems (P2)

Purchasing Risk
PUR01 – Contract Management (P3)

Personnel Security Risk
PS01 – Personnel Security (P2)

Facilities Risk
FAC01 – IT Site Security (P2)
FAC02 – IT Workspace Security (P2)

Institutional Data Risk
DAT01 – Institutional Data Security (P1)
DAT02 – Information Access Control (P1)
Information Technology Controls Index
Information Technology
IT01 – Disaster Recovery (P1)
IT02 – Infrastructure Security (P1)
IT03 – Network Security (P1)
IT04 – Server Security (P1)
IT05 – Identity Management (P1)
IT06 – Malicious Software Protection (P1)
IT07 – Application Development Security (P1)
IT08 – Development Process (P2)
IT09 – Vendor Management Security (P2)
IT10 – Client Computer Security (P2)
IT11 – Mobile Device Security (P2)
IT12 – Digital Communications Security (P2)
IT13 – Web Application Security (P2)
IT14 – Security Incident Management (P2)
IT15 – Storage Media Security (P2)
IT16 – Security Training (P2)
IT17 – Asset Management (P2)
IT18 – Software License Management (P3)