Policies, Standards, and Guidelines
| Policies | Last Revised |
|---|---|
| Policies on the Use of Computers Outlines acceptable use of University computing and networking resources |
01/2019 |
| Privacy Policy Outlines the University’s position on protecting the privacy of personally identifiable sensitive information stored on University assets |
05/2018 |
| Customer Information Security Program Policy and GLBA Policy Outlines department/unit responsibilities as part of a program for safeguarding non-public "customer" data including financial data and Social Security Numbers |
06/2012 |
| Data Access Policy Outlines roles and responsibilities for granting access to sensitive and restricted institutional data. |
06/2012 |
| Password Policy Establishes the University’s position on the use, creation and management of passwords for University computing accounts |
06/2012 |
| European Union General Data Protection Regulation Compliance Policy The European Union General Data Protection Regulation (EU GDPR) imposes obligations on entities, like the University of Georgia, that collect or process personal data about people in the EU. |
05/2018 |
| Standards | Last Revised |
|---|---|
| Data Classification and Protection Standard Baseline requirements for handling and protecting data based on the data’s classification |
01/2019 |
| Minimum Security Standards for Sensitive Devices Security requirements for servers, desktops, laptops, and mobile devices that store sensitive or restricted data |
06/2012 |
| Minimum Security Standards for Networked Devices Security requirements for devices that connect to the UGA network |
06/2012 |
| Password Standard Specific requirements for password construction and management |
04/2018 |
| ArchPass Standard Criteria for systems to be placed behind two-factor authentication |
04/2014 |
| System Logging Security Standard for Restricted Data Devices Logging standards requirements for devices that store or process restricted University data |
03/2014 |
| Guidelines, Interpretations, and Commentary | Last Revised |
|---|---|
| University Cybersecurity Program Plan | 02/2020 |
| EULAs and the Acceptable Use of University Computers | 06/2012 |
| Security and Privacy for Network Monitoring | 08/2013 |
| Classifying and Protecting the UGAID | 12/2015 |
| Security and Privacy for Email and Messaging Systems | 06/2012 |
| Information Security Requirements for Contractors and Faculty | 06/2012 |
| Records Retention and Redacting/Removing Sensitive Data | 06/2012 |
| Security Incident Management Responsibilities | 06/2012 |
| Recommendations for Business Continuity Planning and Disaster Recovery Planning | 06/2012 |
| Encryption Guidelines | 05/2014 |
| Domain Name Aliases | 08/2001 |
| Handling Sensitive Personally Identifiable Information | 06/2015 |
| Federated Identity Information | 07/2015 |
| High Bandwidth Consumption Systems | 10/2015 |