CSU Information Security Policies & Standards

Sacramento State is committed to protecting the confidentiality, integrity, and availability of information assets owned, leased, or entrusted to the University. Therefore, we hereby adopt both the California State University Information Security Policies and Standards and the Sacramento State Supplemental Information Security Policies.

Policies vs. Standards vs. Procedures

Policies are formal statements created by the university that reflect our mission, which in this case is the protection of Sacramento State's information and assets.
Standards are rules or actions that must be done to ensure our policies are being followed. They indicate expected behavior and must be enforced.
Procedures are detailed step by step instructions on how to implement or adhere to the standards.
Guidelines are recommended practices that are based on industry-standard practices.

Information Security Policy

CSU System Policy & Standards

Policies and standards are organized in the following, clickable index:

Policy Number	Policy Topic	Supplemental Policies	Standards	Procedures, Guidelines, Others
8000.0	Introduction and Scope
8005.0	Policy Management
8010.0	Establishing an Information Security Program
8015.0	Organizing Information Security		CSU: 8015.S000
8020.0	Information Security Risk Management		CSU: 8020.S000 CSU: 8020.S001	Sacramento State Vulnerability Management Standard Sacramento State Vulnerability Management Supplemental Standard for Workstations Sacramento State Vulnerability Exception Procedure Sacramento State Vulnerability Exception Request Form Sacramento State Quarantine Procedures
8025.0	Privacy of Personal Information
8030.0	Personnel Information Security		CSU: 8030.S000
8035.0	Information Security Awareness and Training		CSU: 8035.S000
8040.0	Managing Third Parties		CSU: 8040.S001
				General Provisions for Information Technology Acquisitions
				Information Security Requirements - Supplemental Provisions
				Higher Education Cloud Vendor Assessment Tool
8045.0	Information Technology Security		CSU: 8045.S200 CSU: 8045.S300 CSU: 8045.S301 CSU: 8045.302 CSU: 8045.400 CSU: 8045.600	Mobile Device Security
8050.0	Configuration Management		CSU: 8050.S100 CSU: 8050.S200	Sacramento State Common Workstation Standards Sacramento State High Risk Workstation Standards
8055.0	Change Control		CSU: 8055.S01
8060.0	Access Control		CSU: 8060.S000 Access Control Standard CSU: 8060.S000 Appendix A	Sacramento State Access Control Standard - Identity Verification Sacramento State Access Control Standard - Authentication Sacramento State Level 1 Systems Access Review Template
8065.0	Information Asset Management	EO1031	CSU: 8065.S001 CSU: 8065.S02 CSU: 8065.S003	Sacramento State Data Classification & Protection Standard
8070.0	Information Systems Acquisition, Development and Maintenance		CSU: 8070.S000	Sacramento State Vulnerability Management Standard Sacramento State Vulnerability Management Supplemental Standard for Workstations Sacramento State Vulnerability Exception Procedure Sacramento State Vulnerability Exception Request Form Sacramento State Quarantine Procedures Sacramento State Campus Web & Mobile Development Security Guideline
8075.0	Information Security Incident Management		CSU: 8075.S000
8080.0	Physical Security		CSU: 8080.S01
8085.0	Business Continuity and Disaster Recovery	EO1031 Records Retention & Disposition Schedules
8090.0	Compliance	HIPPA Policy Debit/Credit Card Payment Policy 6340.00 Sacramento State Debit/Credit Card Payments Policy	01-Sacramento State Credit Card Handling Security Standards	A01-Sacramento State Annual PCI Assessment Procedure A02-Sacramento State Annual Credit Card Acceptance Acknowledgement A03-Sacramento State User Access Inventory - Template A04-Sacramento State Device Inventory - Template A05 - Sacramento State Credit Card Business Process Inventory 02-Sacramento State Credit Card Acceptance Procedures 03-Sacramento State Credit Card Channel Request
8095.0	Policy Enforcement
8100.0	Electronic and Digital Signatures		CSU: 8100.S01
8105.0	Responsible Use Policy

California State University, Sacramento

Information Security Information Resources & Technology

Support Page Content

CSU Information Security Policies & Standards

Policies vs. Standards vs. Procedures

CSU System Policy & Standards