UW-Madison - Policy Portfolio - Monitoring and Mitigation
The Monitoring and Mitigation portfolio includes documents related to ongoing monitoring of vulnerabilities and threats, and response to vulnerabilties and incidents that are detected.
Monitoring and Mitigation addresses how IT assets and resources are monitored for vulnerablities or unauthorized access, and how corrective action is taken. The cybersecurity-related policies in this portfolio are mapped to the NIST SP 800-53 control families.
Policies
Accounting Services - Credit Card Merchant Services and PCI Compliance (reconciliation, vulnerability scanning, transaction walk-thru's) (on bussvc.wisc.edu)
DoIT - Incident Reporting and Response Policy (please contact itpolicy@cio.wisc.edu)
HIPAA (on compliance.wisc.edu)
- 8.3 HIPAA Security Auditing Policy
- 8.8 Notification and Reporting Policy
IT Policy
UW System (on wisconin.edu)
- 1033 Information Security: Incident Response
- 25-3 Acceptable Use of Information Technology Resources (privacy and security provisions)
Related Documents
IT Policy-related
- Computer Logging Statement
- Continuous Diagnostics and Mitigation Implementation Plan (under development)