The following OIT security policies and standards establish a baseline for information security and risk management activities for the University and are based on the COV ITRM SEC530 Standard. They define the minimum acceptable level of information security and risk management activities that the University must implement.
It is the User's responsibility to ensure they familiarize themselves with these policies. Questions should be directed to the University's Information Security Officer.
Information Technology Policies
32-01 - Acceptable Use of Technological Resources
32-02 - Data Classification Policy
32-03 - Information Security Policy (Under Development)
INFORMATION Security STANDARDS
32-03.0 Roles and Responsibilities (NSU-RR)
32-03.1 Access Control (NSU-AC): BOV #38-02 (2020) - Logical Access Control Policy & BOV #38-08 (2022) Remote Wireless and Mobile Access Policy
32-03.2 Awareness And Training (NSU-AT): BOV #38-04 (2021) - Security Awareness and Training Policy
32-03.3 Audit And Accountability (NSU-AU)
32-03.4 Assessment, Authorization & Monitoring (NSU-CA): #10 UISP (2023) - Security Assessment and Authorization Policy
32-03.5 Configuration Management (NSU-CM): #38-06 (2021) - Change Management Policy
32-03.6 Contingency Planning (NSU-CP)
32-03.7 Identification And Authentication (NSU-IA): #38-05 (2021) - Identification and Authentication Policy
32-03.8 Incident Response (NSU-IR): #38-09 (2022) – Incident Response
32-03.9 Maintenance (NSU-MA): #38 (2020) - System Maintenance Policy
32-03.10 Media Protection (NSU-MP): #38-01 (2020) - Media Protection Policy
32-03.11 Physical & Environmental Protection (NSU-PE)
32-03.12 PLANNING (NSU-PL)
32-03.13 Program Management (NSU-PM) (Under Development)
32-03.14 Personnel Security (NSU-PS)
32-03.15 Risk Assessment (NSU-RA) BOV #38-07 (2022) – Risk Assessment
32-03.16 System And Services Acquisition (NSU-SA): BOV #38-03 (2021) - System and Services Acquisition Policy
32-03.17 System & Communications Protection (NSU-SC)
32-03.18 System And Information Integrity (NSU-SI): BOV #11 UISP (2023) System and Information Integrity Policy
RECORDS MANAGMENT POLICY & SCHEDULES
33-04 - University Records Management
The following schedules can be found at http://www.lva.virginia.gov/agencies/records/sched_state/index.htm.
Common records can be found under the following General Schedules:
GS-101: General Administration, Contracts and Purchasing
GS-102: Finance & Accounting
GS-103: Human Resources/Personnel
GS-106: Building & Maintenance
GS-111: Academic Departments, Athletics, Housing, Research, Student Affairs, Student Financial, Student Registration, University Development
GS-113: Information Technology
GS-120: Health