IT Security Standards
UA Board of Regents Policy 02.07, the UA Information Security Program, and this body of IT Security Standards apply to the UA System and all users of UA computing resources. These standards are reviewed and approved by the CIO Management Team (CMT), a system-wide governance group consisting of each university CIO, the UA CITO, and the UA CISO.
NEW STANDARDS
- Password and Authentication Standard
- Information Security Controls and Exceptions Standard
- Vulnerability and Patch Management Standard
COMING SOON
- Generative AI Security Standard
- UPDATE: Acceptable Use of Online Resources
GENERAL IT POLICIES
- Acceptable Use of Online Resources policy
- Administrative Guidelines: Use of Email (.pdf)
- Downloading Copyrighted Materials FAQs
- UA Cloud Computing Guidelines
- UA Guidelines for the Use of Social Media Final
- User Extensions Policy
DATA AND ADMIN POLICIES
- Accounting and Administrative Manual Section 100: Accounting and Finance Administrative Policy for Payment Card Industry (PCI) (.pdf)
- Bulk Document Shredding
- Data Classification
- Retention and Disposition Schedules
- University of Alaska Board of Regents Policy and Regulation, including Ch 02.07 Information Resources and Ch 05.08 Business Practices (such as printing standards and records retention)
SECURITY POLICIES
- Configuring SSL Securely
- Encryption Options
- ID Theft Program
- InfoSec Breach and Handling Procedure
- Information Resource Data and System Classification Standard
- Information Security Definitions & Terminology
- Minimum Security Standard for Desktop Systems
- Mobile Device Security
- Remote Access Security Requirements
- Standards for System Logging
- UA System Security Guidelines
PRIVACY POLICIES