Policy and Guidance

policies standards guidelines
 
 
UA Information Security (UAIS) is responsible for coordinating the development and dissemination of information security policies, standards, and guidelines for the University. UAIS is also responsible for coordinating various regulatory compliance efforts as they relate to information technology systems. 
 
 

Policy Framework 

The Information Security Framework is currently under revision. The University of Arizona is in the process of adopting the NIST Framework for Improving Critical Infrastructure Cybersecurity.  While we work to structure documentation to fit the University's needs, please refer to the NIST Cybersecurity Framework website for guidance. 

policies

Policies: High level statements, equivalent to organizational law, that drive decision making within the University. University policies are subject to a rigorous review process.  The University's information security policies reside on the University's policy website. 


standards

Standards: Minimum requirements designed to address certain risks and specific requirements that ensure compliance with a policy or standard. These provide a basis for verifying compliance through audits and assessments. All units must meet the standards supporting the Information Security Policy and are encouraged to adopt local standards that exceed the minimum requirements.

The University of Arizona is in the process of adopting the NIST Framework for Improving Critical Infrastructure Cybersecurity While we work to structure documentation to fit the University's needs, please refer to the NIST Cybersecurity Framework website for guidance.


Regulatory Reference