Skip to Main Content

Standard 17 - Cybersecurity Program Monitoring



  1. At a minimum, the UNF Chief Information Security Officer must ensure:
    1. That network traffic and use of information resources is monitored as authorized by applicable law and only for purposes of fulfilling the University’s mission
    2. Server and network logs are reviewed manually or through automated processes on a regular basis as dictated by risk and regulation to ensure that information resources containing sensitive data are not being inappropriately accessed
    3. Vulnerability assessments are performed on all servers on a routine basis (at least weekly) to identify software and configuration weaknesses within information systems. Critical and high vulnerabilities are to be mitigated within 5 business days of discovery
    4. An annual, professionally administered and reported external network penetration test is performed. This penetration test should use a different 3rd party vendor each year
    5. That results of log reviews, vulnerability assessments, penetration tests, and IT audits are reviewed and that any required remediations are implemented as resources allow
     

Return to the ITS Policies and Procedures List