Skip to Main Content

UNF IT Security Standards Policy

The purpose of this Policy is to:

  1. Establish standards regarding the use and safeguarding of UNF Information Resources;
  2. Protect the privacy of individuals by preserving the confidentiality of Personally Identifiable Information entrusted to UNF;
  3. Ensure compliance with applicable Policies, State and Federal laws and regulations regarding management of risks to and the security of Information Resources;
  4. Appropriately reduce the collection, use, or disclosure of social security numbers contained in any medium, including paper records;
  5. Establish accountability;
  6. Educate individuals regarding their responsibilities associated with use and management of UNF Information Resources;
  7. Serve as the foundation for UNF's Information Security Program, providing the authority to implement Policies, Standards, and Procedures necessary to implement an effective Information Security Program in compliance with this Policy.

Policy Statement

Information Resources residing at UNF are strategic and vital assets. Access to these resources shall be appropriately managed. It is the policy of UNF:

  • To protect Information Resources based on risk against accidental or unauthorized access, disclosure, modification, or destruction and assure the availability, confidentiality, and integrity of these resources;
  • Apply appropriate physical and technical safeguards without creating unjustified obstacles to conducting business and achieving the missions of the University; and
  • Comply with applicable state and federal laws and SUS rules governing information resources.


This Policy applies to:

  1. All institutions and organizational units within UNF;
  2. All Information Resources owned, leased, operated, or under the custodial care of any UNF organization or entity;
  3. All Information Resources owned, leased, operated, or under the custodial care of third-parties operated on behalf of any UNF organization or facility;
  4. All individuals accessing, using, holding, or managing University Information Resources.

Compliance with State Law

Information that is collected pursuant or related to the UNF Information Security Program is protected by Florida State Statute ยง119.071 and is therefore confidential by law. Accordingly, any University organization may not withhold information or fail to include information required by this Policy and/or Security Standards to be provided to or included in the UNF Information Security Program or for administration of program oversight.

Information Security Standards

All UNF organizations shall implement and abide by the following Standards:

Standard 1 - Information Resource Security Responsibilities and Accountability

Standard 2 - Acceptable Use of Information Resources

Standard 3 - Information Security Program

Standard 4 - Access Management

Standard 5 - Privileged Accounts

Standard 6 - Backup and Disaster Recovery

Standard 7 - Change Management

Standard 8 - Malware Prevention

Standard 9 - Data Classification

Standard 10 - Risk Management

Standard 11 - Safeguarding Data

Standard 12 - Security Incident Management

Standard 13 - Use and Protection of Social Security Numbers

Standard 14 - Information Systems Expectation of Privacy

Standard 15 - Passwords

Standard 16 - Data Center Security

Standard 17 - Cybersecurity Program Monitoring

Standard 18 - Cybersecurity Training

Standard 19 - Server and Device Configuration and Management

Standard 20 - Vendor and Third-Party Controls

Standard 21 - Clean Desk Policy

Standard 22 - Security Exceptions

Standard 23 - Credit Card Acceptance


IT Security Standards Definitions

Supplemental UNF policies, standards, guidelines, procedures, and forms

General Hardening Standards

See for more information

Who should know

All individuals accessing, managing, or possessing UNF Information Resources including staff, faculty, and students, as well as Vendors and contractors providing services on behalf of UNF and other third-party contractors.

Questions or comments

Questions or comments about this policy should be directed to: