Policy and Guidance
Policies: High level statements, equivalent to organizational law, that drive decision making within the University. University policies are subject to a rigorous review process. The University's information security policies reside on the University's policy website.
Standards: Minimum requirements designed to address certain risks and specific requirements that ensure compliance with a policy or standard. These provide a basis for verifying compliance through audits and assessments. All units must meet the standards supporting the Information Security Policy and are encouraged to adopt local standards that exceed the minimum requirements.
Procedures: Step-by-step instructions for accomplishing a task. Procedures published by Info Sec are designed to reinforce University policies. Procedures may also play an important role in maintaining compliance with regulations.
Guidelines: General recommendations or instructions that provide a framework for achieving compliance with policies. They are more technical in nature than policies and standards and are updated on a more frequent basis to account for changes in technology and/or University practices.
Policies, Standards, Procedures and Guidelines
IS-S600 University Network Operational Security Standard
IS-S601 Wireless Deployment and Management Standard
IS-S602 Minimum Security for Networked Devices Standard
IS-G602A Minimum Security for Networked Devices Implementation Guideline
IS-G602B Software Patching Guideline
IS-G602C Antivirus Software Guideline
IS-G602D Spyware and Adware Prevention Guideline
IS-G602E Firewall Software Guideline
IS-S603 Server Security Standard
IS-P603 Server Scanning Procedure
Server and Network Scanning Timeline and Action Plan Workbook
IS-G603 Information System Activity Review Guideline
IS-G604 Email Client and Usage Guideline
IS-700 Computer and Network Access Agreement Policy
IS-701 Acceptable Use of Computers and Networks Policy
IS-S702 Access Control Standard
IS-P702 Enterprise Applications Account Access (Legacy Systems) Procedure
IS-P702M Enterprise Applications Account Access (UAccess) Procedure
IS-S703U UA NetID Passwords Standard
IS-S1200 Risk Assessment Standard
IS-P1200 Risk Assessment Procedure
Includes 2016 Procedure, Workbook, Reference Materials -- NetID and Password required
IS-G1200 Unit Asset Identification Guideline
Regulatory Reference
- Arizona Board of Regents Policy 9-201 (General Policy)
- Arizona Board of Regents Policy 9-202 (University Responsibilities)
- Arizona Revised Statutes Section 15-1823 (Identification numbers; social security numbers)
- Arizona Revised Statutes 44-1373 (Restricted use of personal identifying information; civil penalty)
- Arizona Revised Statutes Section 18-552 (Notification of breach of security system) (Definitions ARS 18-551)
- Health Insurance Portability and Accountability Act 45 CFR Parts 160,162, and 164 (HIPAA)
- Family Educational Rights and Privacy Act 34 CFR Part 99 (FERPA)
- PCI Security Standards Council
University Compliance Information