Cybersecurity Policies & Standards

Â̾ÞÈËÊÓƵ Cybersecurity Policies

A.ÌýCybersecurity Policy (effective October 19, 2023)

B.ÌýAcceptable Use PolicyÌýÌý(effective July 1, 2022)

C.ÌýInformation Classification Policy (effective July 1, 2022)

D.ÌýPassword PolicyÌý(effective October 4, 2022)

E.ÌýPrivacy PolicyÌý(effective August 1, 2022)

Â̾ÞÈËÊÓƵ Cybersecurity Standards

Application Security
communication
Data security
device management
Identity and Access Management
network & connectivity
physical security
risk management
system administration
vendor management
ADDITIONAL DOCUMENTS

Ìý


Contact Information

The Ìýform can be used to ask questionsÌýor raise concerns about any of the published Standards.Ìý

You can also contact the Cybersecurity GRC team atÌýCybersecurity.GRC@usnh.edu. However, unless specifically noted as being open for Public Comment, Standards published to this site are final, approved versions provided to allow administrative, academic, and business units an opportunity to review prior to their effective date and, if needed, request exceptions.

All other requests can be submitted here:Ìý


Enforcement

Failure to comply with the Â̾ÞÈËÊÓƵ Cybersecurity Standards puts the University System, its component institutions, and its information and information technology resources at risk and may result in disciplinary action. Disciplinary procedures will be proportionally appropriate for the individual responsible for noncompliance (e.g., students, faculty, staff, vendors) as outlined in the relevant institutional regulations for that individual (e.g., student conduct and/or applicable personnel policies). Non-compliant technology and/or activities may be mitigated as deemed necessary by the CISO and/or CIO. Employees who are members of institutionally recognized bargaining units are covered by the disciplinary provisions set forth in the agreement for their bargaining units.


Exceptions

Requests for exceptions to any of the Â̾ÞÈËÊÓƵ Cybersecurity Standards may be submitted and approved according to the requirements provided in the Cybersecurity Exception Standard.


Glossary

For terms and definitions, please refer to the