access and security

Office of Information Security

Policies, Standards, and Guidelines

Policies Last Revised
Policies on the Use of Computers
Outlines acceptable use of University computing and networking resources
06/2012
Privacy Policy
Outlines the University’s position on protecting the privacy of personally identifiable sensitive information stored on University assets
06/2012
Customer Information Security Program Policy and GLBA Policy
Outlines department/unit responsibilities as part of a program for safeguarding non-public "customer" data including financial data and Social Security Numbers
06/2012
Data Access Policy
Outlines roles and responsibilities for granting access to sensitive and restricted institutional data.
06/2012
Password Policy
Establishes the University’s position on the use, creation and management of passwords for University computing accounts

06/2012

 

Standards Last Revised
Data Classification and Protection Standard
Baseline requirements for handling and protecting data based on the data’s classification
06/2012
Minimum Security Standards for Sensitive Devices
Security requirements for servers, desktops, laptops, and mobile devices that store sensitive or restricted data
06/2012
Minimum Security Standards for Networked Devices
Security requirements for devices that connect to the UGA network
06/2012
Password Standard
Specific requirements for password construction and management
06/2012
ArchPass Standard
Criteria for systems to be placed behind two-factor authentication
04/2014
System Logging Security Standard for Restricted Data Devices
Logging standards requirements for devices that store or process restricted University data
03/28/2014

 

Guidelines, Interpretations, and Commentary Last Revised
Customer Information Security Program 06/2012
EULAs and the Acceptable Use of University Computers 06/2012
Security and Privacy for Network Monitoring 08/2013
Classifying and Protecting the UGAID 06/2012
Security and Privacy for Email and Messaging Systems 06/2012
Information Security Requirements for Contractors and Faculty 06/2012
Records Retention and Redacting/Removing Sensitive Data 06/2012
Security Incident Management Responsibilities 06/2012
Recommendations for Business Continuity Planning and Disaster Recovery Planning 06/2012
Encryption Guidelines 05/2014
Domain Name Aliases 08/2001
Procedures for Annual User Access Reviews 01/2014