Enterprise Information Technology Services: Home

access and security

Office of Information Security

Policies, Standards, and Guidelines

Policies Last Revised
Policies on the Use of Computers
Outlines acceptable use of University computing and networking resources		 06/2012
Privacy Policy
Outlines the University’s position on protecting the privacy of personally identifiable sensitive information stored on University assets		 06/2012
Customer Information Security Program Policy and GLBA Policy
Outlines department/unit responsibilities as part of a program for safeguarding non-public "customer" data including financial data and Social Security Numbers		 06/2012
Data Access Policy
Outlines roles and responsibilities for granting access to sensitive and restricted institutional data.		 06/2012
Password Policy
Establishes the University’s position on the use, creation and management of passwords for University computing accounts

06/2012

 

Standards Last Revised
Data Classification and Protection Standard
Baseline requirements for handling and protecting data based on the data’s classification		 06/2012
Minimum Security Standards for Sensitive Devices
Security requirements for servers, desktops, laptops, and mobile devices that store sensitive or restricted data		 06/2012
Minimum Security Standards for Networked Devices
Security requirements for devices that connect to the UGA network		 06/2012
Password Standard
Specific requirements for password construction and management		 06/2012
ArchPass Standard
Criteria for systems to be placed behind two-factor authentication		 05/2013

 

Guidelines, Interpretations, and Commentary Last Revised
Customer Information Security Program 06/2012
EULAs and the Acceptable Use of University Computers 06/2012
Classifying and Protecting the UGAID 06/2012
Security and Privacy for Email and Messaging Systems 06/2012
Information Security Requirements for Visiting Contractors and Faculty 06/2012
Records Retention and Redacting/Removing Sensitive Data 06/2012
Security Incident Management Responsibilities 06/2012
Recommendations for Business Continuity Planning and Disaster Recovery Planning 06/2012
Encryption Guidelines 06/2012
Domain Name Aliases 08/2001