You are here

Information Security Standards

All Information Security Standards with the required controls are published in the University Policy Library. 

The information security standards provide an evolving model for maintaining and improving the information security of the University.  They are based on the security principals of NIST (National Institute of Standards and Technology) and ISO (The International Organization for Standardization) 27001 & 27002.

The index below provides a link to:

  • a specific standard in the University Policy Library, and
  • supporting information for the specific information security standard.

Account Management

Application Access Control

Authentication

Backup & Recovery of Data

Backup & Recovery of Software, System Configuration

Change Control

Data Center

Data Storage

Device Encryption

Device Firewall

Device Physical Security

Information Security Awareness, Education and Training

Log Management

Management of End User Device

Media Sanitization

Network Control

Network Firewall

Operating System Access Control

Security Patching

Technical Vulnerability Management

User Administrative Privilege

Vendor/Supplier Management

Virus/Malware Protection

The above supporting information for the information security statandards follow the Documentation Standards for the Information Technology and Information Security. Email infosecurity@umn.edu with comments related to the Information Security Standards.