The following OIT security policies establish a baseline for information security and risk management activities for the University and are based on the COV ITRM SEC530 and SEC514 Standards and defines the minimum acceptable level of information security and risk management activities that the University must implement.
It is the User's responsibility to ensure they familiarize themselves with these policies. Questions should be directed to the University Information Security Officer.
Office of Information Technology & SUPPORTING Policies
32-01 - Acceptable Use of Technological Resources
32-02 - Data Classification Policy
The following policies are currenlty under review and/or replacement.
- 32-8-2 Information Security Roles and Responsibilities
- 32-8-3 Business Impact Analysis
- 32-8-7 Security Audits
RECORDS MANAGMENT SCHEDULES
33-04 - University Records Management
Schedules can be found at http://www.lva.virginia.gov/agencies/records/sched_state/index.htm.
Common records can be found under the following General Schedules:
GS-101: General Administration, Contracts and Purchasing
GS-102: Finance & Accounting
GS-103: Human Resources/Personnel
GS-106: Building & Maintenance
GS-111: Academic Departments, Athletics, Housing, Research, Student Affairs, Student Financial, Student Registration, University Development
GS-113: Information Technology
GS-120: Health
32.8 Security Control Catalog
32.8.100 Access Control
BOV #38-02 (2020) - Logical Access Control Policy
BOV #38-08 (2022) Remote Wireless and Mobile Access Policy
32.8.200 Awareness And Training
BOV #38-04 (2021) - Security Awareness and Training Policy
32.8.300 Audit And Accountability
Currenlty undergoing review and/or replacement.
32.8.400 Security Assessment And Authorization
#10 UISP (2023) - Security Assessment and Authorization Policy
32.8.500 Configuration Management
#38-06 (2021) - Change Management Policy
32.8.600 Contingency Planning
Currenlty undergoing review and/or replacement.
32.8.700 Identification And Authentication
#38-05 (2021) - Identification and Authentication Policy
32.8.800 Incident Response
#38-09 (2022) – Incident Response
32.8.900 Maintenance
#38 (2020) - System Maintenance Policy
32.8.1000 Media Protection
#38-01 (2020) - Media Protection Policy
32.8.1100 Physical And Environmental Protection
Currenlty undergoing review and/or replacement.
32.8.1200 Planning
Currenlty undergoing review and/or replacement.
32.8.1300 Personnel Security
Currenlty undergoing review and/or replacement.
32.8.1400 Risk Assessment
BOV #38-07 (2022) – Risk Assessment
32.8.1500 System And Services Acquisition
BOV #38-03 (2021) - System and Services Acquisition Policy
32.8.1600 System And Communications Protection
Currenlty undergoing review and/or replacement.
32.8.1700 System And Information Integrity
#11 UISP (2023) System and Information Integrity Policy