ITS Standards

Access Control | Awareness & Training | Audit & Accountability | Contingency Planning | Computer Security | General Security Provisions | Incident Response | Personnel Security | Physical & Environmental Protections | Risk Assessment | Risk Management | System Communications & Protections

---

Access Control

Standard-InfoSec-AC-001-Access Control

• Practice-InfoSec-AC-001.02-Privileged Account Management  
• Practice-InfoSec-AC-001.04-VPN Access
• Practice-InfoSec-AC-001.06-Thrid-Party Access to Accounts and Data   

Standard-InfoSec-AC-002-Authentication

• Practice-InfoSec-AC-002.02-Password Management and Complexity   
• Practice-InfoSec-AC-002.04-NetID Account Management   

Awareness & Training

Standard-InfoSec-AT-001-Training and Awareness

• Practice-InfoSec-AT-001.01-New Employee InfoSec Training
• Practice - InfoSec-AT-001.02-Refresher InfoSec Training Course

Audit & Accountability

Standard-InfoSec-AU-001-Audit & Logging Accountability

Standard-InfoSec-AU-002-Logging and System Activity Review

• Practice-InfoSec-AU-002.01-Logging and System Activity Review

Contingency Planning

Standard - InfoSec-CP-001 - Contingency Planning

• Practice - InfoSec-CP-001.02 - IT Resource Backups
• Practice - InfoSec-CP-001.04 - Contingency Plan

Standard - InfoSec-CP-002 - Information Security during a Disaster

Computer Security

Standard-InfoSec-CS-001-Device Life Cycle Security    

Standard-InfoSec-CS-002-Personally Owned Device Security  

General Security Provisions

Standard-InfoSec-GP-001-UTHSC Information Security Program

• Practice-InfoSec-GP-001.01-Information Security Roles and Responsibilities
• Practice-Infosec- GP-001.02-Security Exceptions and Exemptions to ITS Standards and Practices
• Practice-InfoSec-GP-001.04-Information Security Violations

Standard-InfoSec-GP-002-Data & System Classification    ***UPDATED***

Standard-InfoSec-GP-003-Expectation of Privacy    

Standard-InfoSec-GP-004-Acceptable Use of IT Resources

Standard-InfoSec-GP-005-Data Security   

Standard-InfoSec-GP-007-Asset Management

• Practice-InfoSec-GP-007.02-Antivirus / Antimalware Protection  

Incident Response

Standard-InfoSec-IR-001-Security Incident Response

Personnel Security

Standard - InfoSec-PS-001 - Personnel Security

Physical & Environmental Protections

Standard-InfoSec-PE-001-Physical Security of Information Resources and Related Facilities

• Practice-InfoSec-PE-001.02-Physical Security Server Rooms
• Practice-InfoSec-PE-001.04-Physical Security Server
• Practice-InfoSec-PE-001.06-Physical Security Storage Devices and Media 
• Practice-InfoSec-PE-001.08-Physical Security End User IT Resource     
• Practice-InfoSec-PE-001.10-Physical Security Communication Closets

Risk Assessment

Standard-InfoSec-RA-001 – Risk Assessment

Risk Management

Standard-InfoSec-RM-001 – Risk Management     

Standard-InfoSec-RM-002 - Vulnerability Management    

Standard-InfoSec-RM-003 - Patch Management     

System & Communications Protections

Standard-InfoSec-SC-001-Network Security

• Practice-InfoSec-SC-001.02-Network Security Infrastructure

Standard-InfoSec-SC-002-System and Communications Protections

• Practice-InfoSec-SC-002.01-Official Communications Use & Protections        ***NEW***

Standard-InfoSec-SC-003-Application System Security

• Practice-InfoSec-SC-003.02-Application System Security Features

Standard - InfoSec-SC-005-Encryption

• Practice-InfoSec-SC-005.02-Encryption for Mobile Computing and Storage Devices