Information Security Information Resources & Technology

CSU Information Security Policy and Standards

Sacramento State is committed to protecting the confidentiality, integrity, and availability of information assets owned, leased, or entrusted to the University. Therefore, we hereby adopt both the California State University Information Security Policies and Standards and the Sacramento State Supplemental Information Security Policies.

Policies vs. Standards vs. Procedures

  • Policies are formal statements created by the university that reflect our mission, which in this case is the protection of Sacramento State's information and assets.
  • Standards are rules or actions that must be done to ensure our policies are being followed. They indicate expected behavior and must be enforced.
  • Procedures are detailed step-by-step instructions on how to implement or adhere to the standards.
  • Guidelines are recommended practices that are based on industry-standard practices.

Sacramento State Information Security Policy

CSU Information Security Policy and Standards

I. Policy

II. Scope

III. Roles and Responsibilities

IV. ISO Policies

Policies and standards are organized in the following, clickable index:

Policy Section Supplemental Policies Procedures, Guidelines, Others
A. ISO Domain 5: Information Security Policy
B. ISO Domain 6: Organization of Information Security Policy   Sacramento State Data Classification and Protection Standard

Sacramento State Vulnerability Management Standard


Sacramento State Vulnerability Management Supplemental Standard for Workstations


Sacramento State Vulnerability Exception Procedure


Sacramento State Vulnerability Exception Request Form


Sacramento State Quarantine Procedures
 
C. ISO Domain 7: Human Resource Information Policy   Sacramento State Data Classification and Protection Standard
D. ISO Domain 8: Asset Management Policy EO1031 – Systemwide Records Information Retention and Disposition Schedules Implementation Policy
Health Insurance Portability and Privacy Act (HIPAA)

FERPA (Student Records) Privacy
Sacramento State Data Classification and Protection Standard

CSU Records Retention and Disposition Schedules


Sacramento State Data Privacy Policy and Standards


Sacramento State Campus Privacy Notice


Sacramento State Data Security & Records Retention


Sacramento State Data Reporting Governance


General Data Protection Regulation
E. ISO Domain 9: Access Control Policy   Sacramento State Access Control Standard – Identity Verification

Sacramento State Access Control Standard – Authentication

Sacramento State Level 1 Systems Access Review Template
F. ISO Domain 10: Cryptography Policy   CA State Regulation
G. ISO Domain 11: Physical and Environment Security Policy    
H. ISO Domain 12: Operations Security Policy Information Security Responsible Use Policy
Sacramento State Campus Device Standards

Sacramento State Workstation Security Standards


Sacramento State Common Workstation Standards


Sacramento State High Risk Workstation Standards


Sacramento State Student Device Standards


Mobile Device Security


Sacramento State Technology Procurement Request
I. ISO Domain 13: Communication Security Policy   Mobile Device Security
J. ISO Domain 14: Systems Acquisition, Development and Maintenance Policy   Sacramento State Vulnerability Management Standard

Sacramento State Vulnerability Management Supplemental Standard for Workstations


Sacramento State Vulnerability Exception Procedure


Sacramento State Vulnerability Exception Request Form


Sacramento State Quarantine Procedures


Sacramento State Campus Web & Mobile Development Security Guideline
K. ISO Domain 15: Supplier Relationships Policy   General Provisions for Information Technology Acquisitions
Information Security Requirements - Supplemental Provisions

Higher Education Cloud Vendor Assessment Tool
L. ISO Domain 16: Information Security Incident Management Policy   Sacramento State Data Classification and Protection Standard
M. ISO Domain 17: Information Security Aspects of Business Continuity Management Policy CSU System Business Continuity Program

EO1031 – Systemwide Records Information Retention and Disposition Schedules Implementation Policy
Sacramento State Business Continuity and Disaster Recovery Plan
N. ISO Domain 18: Compliance Policy HIPAA Policy

Debit/Credit Card Payment Policy 6340.00

Sacramento State Debit/Credit Card Payments Policy
Sacramento State Data Privacy Policy and Standards

A01-Sacramento State Annual PCI Assessment Procedure


A02-Sacramento State Annual Credit Card Acceptance Acknowledgement


A03-Sacramento State User Access Inventory - Template


A04-Sacramento State Device Inventory - Template


A05 - Sacramento State Credit Card Business Process Inventory


02-Sacramento State Credit Card Acceptance Procedures


03-Sacramento State Credit Card Channel Request
O. Enforcement