UNF IT Security Standards Policy
The purpose of this Policy is to:
- Establish standards regarding the use and safeguarding of UNF Information Resources;
- Protect the privacy of individuals by preserving the confidentiality of Personally Identifiable Information entrusted to UNF;
- Ensure compliance with applicable Policies, State and Federal laws and regulations regarding management of risks to and the security of Information Resources;
- Appropriately reduce the collection, use, or disclosure of social security numbers contained in any medium, including paper records;
- Establish accountability;
- Educate individuals regarding their responsibilities associated with use and management of UNF Information Resources;
- Serve as the foundation for UNF's Information Security Program, providing the authority to implement Policies, Standards, and Procedures necessary to implement an effective Information Security Program in compliance with this Policy.
Policy Statement
Information Resources residing at UNF are strategic and vital assets. Access to these resources shall be appropriately managed. It is the policy of UNF:
- To protect Information Resources based on risk against accidental or unauthorized access, disclosure, modification, or destruction and assure the availability, confidentiality, and integrity of these resources;
- To apply appropriate physical and technical safeguards without creating unjustified obstacles to conducting business and achieving the missions of the University; and
- To comply with applicable state and federal laws and SUS rules governing information resources.
Applicability
This Policy applies to:
- All institutions and organizational units within UNF;
- All Information Resources owned, leased, operated, or under the custodial care of any UNF organization or entity;
- All Information Resources owned, leased, operated, or under the custodial care of third parties operated on behalf of any UNF organization or facility;
- All individuals accessing, using, holding, or managing University Information Resources.
Compliance with State Law
Information that is collected pursuant or related to the UNF Information Security Program is protected by Florida State Statute §119.071 and is therefore confidential by law. Accordingly, any University organization may not withhold information or fail to include information required by this Policy and/or Security Standards to be provided to or included in the UNF Information Security Program or for administration of program oversight.
Information Security Standards
All UNF organizations shall implement and abide by the following Standards:
- Standard 1 - Information Resource Security Responsibilities and Accountability
- Standard 2 - Acceptable Use of Information Resources
- Standard 3 - Information Security Program
- Standard 4 - Access Management
- Standard 5 - Privileged Accounts
- Standard 6 - Backup and Disaster Recovery
- Standard 7 - Change Management
- Standard 8 - Malware Prevention
- Standard 9 - Data Classification
- Standard 10 - Risk Management
- Standard 11 - Safeguarding Data
- Standard 12 - Security Incident Management
- Standard 13 - Use and Protection of Social Security Numbers
- Standard 14 - Information Systems Expectation of Privacy
- Standard 15 - Passwords
- Standard 16 - Data Center Security
- Standard 17 - Cybersecurity Program Monitoring
- Standard 18 - Cybersecurity Training
- Standard 19 - Server and Device Configuration and Management
- Standard 20 - Vendor and Third-Party Controls
- Standard 21 - Clean Desk Policy
- Standard 22 - Security Exceptions
- Standard 23 - Credit Card Acceptance
Definitions
IT Security Standards Definitions
Supplemental UNF policies, standards, guidelines, procedures, and forms
See ITS Policies and Standards for more information.
Who should know
All individuals accessing, managing, or possessing UNF Information Resources, including staff, faculty, and students, as well as Vendors and contractors providing services on behalf of UNF and other third-party contractors.
Questions or comments
Questions or comments about this policy should be directed to: itsecurity@unf.edu