You are here

Information Security Standards

University Information Security is working with the University at large to develop an information security standards framework, based on the security principals of NIST (National Institute of Standards and Technology) and ISO (The International Organization for Standardization) 27001 & 27002.

These are standards designed to provide a model for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a University Security Framework that will meet the unique requirements of the University going forward.

Documentation Standards for the Information Technology and Information Security documents listed here.

For Review

Information Security Policy

Published

Email infosecurity@umn.edu comments related to the following standards:

    Account Management

    Application Access Control

    Authentication

    Backup & Recovery of Data

    Backup & Recovery of Software, System Configuration

    Change Control

    Data Center

    Data Storage

    Device Encryption

    Device Firewall

    Device Physical Security

    Information Security Awareness, Education and Training

    Log Management

    Management of End User Device

    Media Sanitization

    Network Control

    Network Firewall

    Operating System Access Control

    Security Patching

    Technical Vulnerability Management

    User Administrative Privilege

    Virus/Malware Protection