Cybersecurity Standards

Access Control | Awareness & Training | Audit & Accountability | Contingency Planning | Computer Security | General Security Provisions | Incident Response | Personnel Security | Physical & Environmental Protections | Risk Assessment | Risk Management | System Communications & Protections

---

Access Control

AC-001-Access Control

• AC-001.02-Privileged Account Management  
• AC-001.04-VPN Access
• AC-001.06-Third-Party Access to Accounts and Data   

AC-002-Authentication         

• AC-002.02-Password Management and Complexity   
• AC-002.04-NetID Account Management   

Awareness & Training

AT-001-Training and Awareness

• AT-001.01-New Employee InfoSec Training
• AT-001.02-Refresher InfoSec Training Course

Audit & Accountability

AU-001-Audit & Logging Accountability

AU-002-Logging and System Activity Review

• AU-002.01-Logging and System Activity Review

Contingency Planning

CP-001-Business Continuity Planning  

CP-002-Information Security during a Disaster

Computer Security

CS-001-Device Life Cycle Security    

CS-002-Personally Owned Device Security  

General Security Provisions

GP-001-UTHSC Information Security Program

• GP-001.01-Information Security Roles and Responsibilities
• GP-001.02-Security Exceptions and Exemptions to ITS Standards and Practices   
• GP-001.04-Information Security Violations

GP-002-Data & System Classification  ***UPDATED***

GP-003-Expectation of Privacy    

GP-004-Acceptable Use of IT Resources

• GP-004.01-Login Banner      

GP-005-Data Security 

• GP-005.01-Disposal or Destruction of Electronic & Non-Electronic Media     

GP-006-Email      

GP-007-Asset Management    

• GP-007.02-Antivirus / Antimalware Protection  

Incident Response

IR-001-Security Incident Response

Personnel Security

PS-001 - Personnel Security

Physical & Environmental Protections

PE-001-Physical Security of Information Resources and Related Facilities   

• PE-001.08-Physical Security End User IT Resource     

Risk Assessment

RA-001 – Risk Assessment

• RA-001.02-Risk Assessment Process

Risk Management

RM-001 – Risk Management     

RM-002 - Vulnerability Management    

RM-003 - Patch Management     

System & Communications Protections

SC-001-Network Security

• SC-001.02-Network Security Infrastructure

SC-002-System and Communications Protections

• SC-002.01-Official Communications Use & Protections        

SC-003-Application System Security

• SC-003.02-Application System Security Features

SC-004-Wireless Network Security    

SC-005-Encryption

• SC-005.02-Encryption for Mobile Computing and Storage Devices  

SC-006-Internet of Things Security