These are all UW-Madison cybersecurity policies that are registered with the Office of Cybersecurity. Closely related policies are grouped together.
The list is primarily useful to UW-Madison IT Staff. For a general list of campus IT policies, see: https://kb.wisc.edu/itpolicy/cio-policies.
These eight policy portfolios cover all cybersecurity-related policies and documents that are currently tracked as relevant to IT Policy. The NIST SP 800-53 control families are exhaustively mapped to/from these portfolios at: https://kb.wisc.edu/itpolicy/cybersecurity-policy-control-mapping. The majority of the material aligns with the main portfolio entry of a document. There are additional entries when there is significant overlap with other portfolios.
Documents identified as "IT Policy" are developed and maintained by the Office of the CIO and are approved by the Information Technology Committee. Relevant documents from UW System and from other UW-Madison Schools, Colleges and Divisions are included in each portfolio. The Policy Planning and Analysis Team and the Office of the CIO cooperate with others to help ensure consistency.
See also: Provisional UW–Madison Online Collaboration Session Recording Policy (eff. March 16, 2020) for IT policy related to COVID-19
See also: Policy Portfolios (all portfolios, including the cybersecurity portfolios listed above)
Acquisition and Development addresses the selection, acquisition, or development of any IT asset, including hardware, software, data, and IT services. The cybersecurity-related policies in this portfolio are mapped to the NIST SP 800-53 control families.
Accounting Services - Credit Card Merchant Services and PCI Compliance (device acquisition, merchant accounts, third-party vendors) (on bussvc.wisc.edu)
DoIT - Standards for Managing Test and Service Accounts (please contact itpolicy@cio.wisc.edu)
Purchasing Services - Purchasing Policies & Procedures (on bussvc.wisc.edu)
UW System (on wisconsin.edu)
IT Policy-related
IT Governance (on it.wisc.edu)
Configuration and Maintenance addresses how IT devices and software are managed and maintained to ensure correct and secure operation. The cybersecurity-related policies in this portfolio are mapped to the NIST SP 800-53 control families.
Accounting Services - Credit Card Merchant Services and PCI Compliance (device configuration and maintenance) (on bussvc.wisc.edu)
HIPAA (on compliance.wisc.edu)
IT Policy
Contingency Planning addresses what is to be done to account for a possible situation or event, particularly one that involves IT, that may be harmful or disruptive to operations. The cybersecurity-related policies in this portfolio are mapped to the NIST SP 800-53 control families.
Accounting Services - Credit Card Merchant Services and PCI Compliance (contingency planning) (on bussvc.wisc.edu)
HIPAA (on compliance.wisc.edu)
DoIT - Disaster Recovery Plan (please contact itpolicy@cio.wisc.edu)
UW PD - Continuity of Operations Plan (COOP) (on uwpd.wisc.edu)
Education, Training and Awareness addresses IT-related information that faculty, staff, and students should understand in order to properly act within their role at UW. The cybersecurity-related policies in this portfolio are mapped to the NIST SP 800-53 control families.
HIPAA (on compliance.wisc.edu)
IT Policy
UW System (on wisconsin.edu)
IT Policy-related
Identity and Access Management (IAM) addresses online and physical access to assets and data, specifically how a person or resource is identified, the resources that can be accessed, and what can be done with that access. The cybersecurity-related policies in this portfolio are mapped to the NIST SP 800-53 control families.
Accounting Services - Credit Card Merchant Services and PCI Compliance (access control provisions) (on bussvc.wisc.edu)
Faculty Senate - Access to Faculty and Staff Electronic Files Policy (main entry: Privacy)
HIPAA (on compliance.wisc.edu)
IT Policy
UW System (on wisconsin.edu)
IT Policy-related
Records Management - Electronic Communications Guidance (PDF) (on library.wisc.edu)
Monitoring and Mitigation addresses how IT assets and resources are monitored for vulnerabilities or unauthorized access, and how corrective action is taken. The cybersecurity-related policies in this portfolio are mapped to the NIST SP 800-53 control families.
Accounting Services - Credit Card Merchant Services and PCI Compliance (reconciliation, vulnerability scanning, transaction walk-thru's) (on bussvc.wisc.edu)
DoIT - Incident Reporting and Response Policy (please contact itpolicy@cio.wisc.edu)
HIPAA (on compliance.wisc.edu)
IT Policy
UW System (on wisconsin.edu)
IT Policy-related
Privacy addresses the protection of privacy in an IT environment. The cybersecurity-related policies in this portfolio are mapped to the NIST SP 800-53 control families.
Faculty Senate - Access to Faculty and Staff Electronic Files Policy
HIPAA (on compliance.wisc.edu)
IT Policy - Collection of Personal Identity Information via Email
UW-Madison IT Professionals - Guidelines, Best Practices, and Advice (on it.wisc.edu)
UW System - 25-3 Acceptable Use of Information Technology Resources (privacy and security provisions) (on wisconsin.edu)
IT Policy-related
Risk Management addresses how the protection of IT assets and resources will be balanced with the likelihood and impact of malicious activity and the ability of UW and its affiliates to carry out their missions. The cybersecurity-related policies in this portfolio are mapped to the NIST SP 800-53 control families.
Accounting Services - Credit Card Merchant Services and PCI Compliance (annual validation, approvals, roles, responsibilities, sanctions) (on bussvc.wisc.edu)
HIPAA (on compliance.wisc.edu)
IT Policy
UW System (on wisconsin.edu)
IT Policy-related
Please address questions or comments to itpolicy@cio.wisc.edu.
Doc ID | 58557 | ||
---|---|---|---|
Owner | Tim B. | Group | IT Policy |
Created | 2015-11-27 18:53 CST | Updated | 2022-08-31 15:05 CST |
Sites | IT Policy | ||
CleanURL | https://kb.wisc.edu/itpolicy/cybersecurity-policy-list | ||