Protecting the Confidentiality, Integrity, and Availability of Information requires a risk-based approach that accounts for both the privacy and security aspects of data stewardship.  OIT policies, procedures, standards, and guidelines are aimed at protecting information in a manner commensurate with the risk that would result from unauthorized access, use, disclosure, disruption, modification, or destruction of such information.


Last ModifiedTitle
05/16/2011Policy 600: Information Security
05/31/2011Policy 602: Info Security for Service Providers
07/19/2012Policy 604: Cyber Security Incident Response
06/06/2011* Procedure 604P1: Incident Reporting
08/09/2012* Procedure 604P2: Incident Handling
06/16/2011Policy 605: Configuration Management
06/16/2011* Guideline 605G1: CM Process
09/01/2011Policy 611: Risk Management
09/01/2011 * Guideline 611G1: Risk Assessment
11/23/2011Policy 621: Network & System Access
09/01/2011Policy 622: Remote Access
09/01/2011* Standard 622S1: Virtual Private Networks
09/01/2011* Standard 622S2: Dial-In Access
09/17/2018Policy 630: Identification & Authentication
03/12/2019* Standard 630S1: Authenticator Management
09/17/2018* Guideline 630G1: Biometric Authentication
09/17/2018Policy 638: Mobile Device Access Control
09/17/2018* Standard 638S1: Mobile Device Management
09/17/2018* Standard 638S2: Mobile Device Use
04/04/2018Policy 640: Security Awareness and Training
09/14/2018* Procedure 640P1: FTI Disclosure Awareness Training
09/14/2018* Form 640F1: FTI Confidentiality Statement
09/01/2011 Policy 641: External Connections
09/01/2011* Standard 641S1: Interconnecting IT Systems
09/01/2011Policy 643: Wireless Security
09/01/2011* Standard 643S1: Wireless Networks
09/01/2011* Standard 643S2: Wireless Clients
09/01/2011* Standard 643S3: Bluetooth Security
02/28/2012Policy 651: Physical Security
10/23/2014Policy 652: Card Key Access Control
09/14/2018Policy 660: System Use
09/14/2018* Standard 660S1: User Rules of Behavior
09/01/2011Policy 661: Application Security
12/01/2011* Guideline 661G1: Application Security
1/26/2012* Guideline 661G2: Security Engineering Principles
09/01/2011Policy 662: Systems Security
06/24/2013* Standard 662S1: Server Security
08/01/2013* Standard 662S2: Client Systems Security
09/01/2011* Standard 662S3: POS Systems Security
09/01/2011* Guideline 662G1: Systems Security
12/14/2011* Guideline 662G2: BIOS Protection
04/15/2013Policy 672: Vulnerability Scanning
09/01/2011Policy 673: Backup and Recovery
03/05/2017Policy 674: Virus Protection
09/01/2011* Standard 674S1: Virus Protection
09/01/2011Policy 675: Vulnerability Management
09/01/2011Policy 676: Monitoring and Reporting
09/01/2011Policy 677: Log Management
01/18/2012* Standard 677S1: Log Management
09/01/2011Policy 678: System Maintenance
Policy 681: Information Protection
09/01/2011* Standard 681S1: Information Protection
09/01/2011* Standard 681S2: Protecting PII
09/01/2011* Standard 681S3: Media Sanitization
09/01/2011Policy 682: Information Release
09/01/2011Policy 683: Encryption
04/26/2011Policy 690: Disaster Recovery