Skip to main content

Policies

The following OIT security policies and standards establish a baseline for information security and risk management activities for the University and are based on the COV ITRM SEC530 Standard. They define the minimum acceptable level of information security and risk management activities that the University must implement.

It is the User's responsibility to ensure they familiarize themselves with these policies. Questions should be directed to the University's  Information Security Officer.

Information Technology Policies

32-01 - Acceptable Use of Technological Resources
32-02 - Data Classification Policy
32-03 - Information Security Policy (Under Development)

 

INFORMATION Security STANDARDS

32-03.0 Roles and Responsibilities (NSU-RR) 

32-03.1 Access Control (NSU-AC): BOV #38-02 (2020) - Logical Access Control Policy & BOV #38-08 (2022) Remote Wireless and Mobile Access Policy

32-03.2 Awareness And Training (NSU-AT): BOV #38-04 (2021) - Security Awareness and Training Policy

32-03.3 Audit And Accountability (NSU-AU)

32-03.4 Assessment, Authorization & Monitoring (NSU-CA): #10 UISP (2023) - Security Assessment and Authorization Policy

32-03.5 Configuration Management (NSU-CM): #38-06 (2021) - Change Management Policy

32-03.6 Contingency Planning (NSU-CP)

32-03.7 Identification And Authentication (NSU-IA): #38-05 (2021) - Identification and Authentication Policy

32-03.8 Incident Response (NSU-IR): #38-09 (2022) – Incident Response

32-03.9 Maintenance (NSU-MA): #38 (2020) - System Maintenance Policy

32-03.10 Media Protection (NSU-MP): #38-01 (2020) - Media Protection Policy

32-03.11 Physical & Environmental Protection (NSU-PE)

32-03.12 PLANNING (NSU-PL)

32-03.13 Program Management (NSU-PM) (Under Development)

32-03.14 Personnel Security (NSU-PS)

32-03.15 Risk Assessment (NSU-RA) BOV #38-07 (2022) – Risk Assessment

32-03.16 System And Services Acquisition (NSU-SA): BOV #38-03 (2021) - System and Services Acquisition Policy

32-03.17 System & Communications Protection (NSU-SC)

32-03.18 System And Information Integrity (NSU-SI): BOV #11 UISP (2023) System and Information Integrity Policy

RECORDS MANAGMENT POLICY & SCHEDULES

 

33-04 - University Records Management

The following schedules can be found at http://www.lva.virginia.gov/agencies/records/sched_state/index.htm.

Common records can be found under the following General Schedules:
GS-101: General Administration, Contracts and Purchasing
GS-102Finance & Accounting
GS-103Human Resources/Personnel
GS-106Building & Maintenance
GS-111: Academic Departments, Athletics, Housing, Research, Student Affairs, Student Financial, Student Registration, University Development
GS-113Information Technology
GS-120: Health