ITS Standards
Access Control | Awareness & Training | Audit & Accountability | Contingency Planning | Computer Security | General Security Provisions | Incident Response | Personnel Security | Physical & Environmental Protections | Risk Assessment | Risk Management | System Communications & Protections
Access Control
Standard-InfoSec-AC-001-Access Control
- Practice-InfoSec-AC-001.02-Privileged Account Management
- Practice-InfoSec-AC-001.04-VPN Access
- Practice-InfoSec-AC-001.06-Thrid-Party Access to Accounts and Data
Standard-InfoSec-AC-002-Authentication
- Practice-InfoSec-AC-002.02-Password Management and Complexity
- Practice-InfoSec-AC-002.04-NetID Account Management
Awareness & Training
Standard-InfoSec-AT-001-Training and Awareness
- Practice-InfoSec-AT-001.01-New Employee InfoSec Training
- Practice - InfoSec-AT-001.02-Refresher InfoSec Training Course
Audit & Accountability
Standard-InfoSec-AU-001-Audit & Logging Accountability
Standard-InfoSec-AU-002-Logging and System Activity Review
Contingency Planning
Standard - InfoSec-CP-001 - Contingency Planning
Standard - InfoSec-CP-002 - Information Security during a Disaster
Computer Security
Standard-InfoSec-CS-001-Device Life Cycle Security
Standard-InfoSec-CS-002-Personally Owned Device Security
General Security Provisions
Standard-InfoSec-GP-001-UTHSC Information Security Program
- Practice-InfoSec-GP-001.01-Information Security Roles and Responsibilities
- Practice-Infosec- GP-001.02-Security Exceptions and Exemptions to ITS Standards and Practices
- Practice-InfoSec-GP-001.04-Information Security Violations
Standard-InfoSec-GP-002-Data & System Classification ***UPDATED***
Standard-InfoSec-GP-003-Expectation of Privacy
Standard-InfoSec-GP-004-Acceptable Use of IT Resources
Standard-InfoSec-GP-005-Data Security
Standard-InfoSec-GP-007-Asset Management
Incident Response
Standard-InfoSec-IR-001-Security Incident Response
Personnel Security
Standard - InfoSec-PS-001 - Personnel Security
Physical & Environmental Protections
Standard-InfoSec-PE-001-Physical Security of Information Resources and Related Facilities
- Practice-InfoSec-PE-001.02-Physical Security Server Rooms
- Practice-InfoSec-PE-001.04-Physical Security Server
- Practice-InfoSec-PE-001.06-Physical Security Storage Devices and Media
- Practice-InfoSec-PE-001.08-Physical Security End User IT Resource
- Practice-InfoSec-PE-001.10-Physical Security Communication Closets
Risk Assessment
Standard-InfoSec-RA-001 – Risk Assessment
Risk Management
Standard-InfoSec-RM-001 – Risk Management
Standard-InfoSec-RM-002 - Vulnerability Management
Standard-InfoSec-RM-003 - Patch Management
System & Communications Protections
Standard-InfoSec-SC-001-Network Security
Standard-InfoSec-SC-002-System and Communications Protections