Enterprise Information Technology Services: Home

access and security

Office of Information Security

Policies, Standards, and Guidelines

Policies Last Revised
Policies on the Use of Computers
Outlines acceptable use of University computing and networking resources
06/2012
Privacy Policy
Outlines the University’s position on protecting the privacy of personally identifiable sensitive information stored on University assets
06/2012
Customer Information Security Program Policy and GLBA Policy
Outlines department/unit responsibilities as part of a program for safeguarding non-public "customer" data including financial data and Social Security Numbers
06/2012
Data Access Policy
Outlines roles and responsibilities for granting access to sensitive and restricted institutional data.
06/2012
Password Policy
Establishes the University’s position on the use, creation and management of passwords for University computing accounts

06/2012

 

Standards Last Revised
Data Classification and Protection Standard
Baseline requirements for handling and protecting data based on the data’s classification
06/2012
Minimum Security Standards for Sensitive Devices
Security requirements for servers, desktops, laptops, and mobile devices that store sensitive or restricted data
06/2012
Minimum Security Standards for Networked Devices
Security requirements for devices that connect to the UGA network
06/2012
Password Standard
Specific requirements for password construction and management
06/2012
ArchPass Standard
Criteria for systems to be placed behind two-factor authentication
04/2014
System Logging Security Standard for Restricted Data Devices (DRAFT)
Logging standards requirements for devices that store or process restricted University data
03/28/2014

 

Guidelines, Interpretations, and Commentary Last Revised
Customer Information Security Program 06/2012
EULAs and the Acceptable Use of University Computers 06/2012
Security and Privacy for Network Monitoring 08/2013
Classifying and Protecting the UGAID 06/2012
Security and Privacy for Email and Messaging Systems 06/2012
Information Security Requirements for Contractors and Faculty 06/2012
Records Retention and Redacting/Removing Sensitive Data 06/2012
Security Incident Management Responsibilities 06/2012
Recommendations for Business Continuity Planning and Disaster Recovery Planning 06/2012
Encryption Guidelines 06/2012
Domain Name Aliases 08/2001
Procedures for Annual User Access Reviews 01/2014