Topics Map > UW-Madison > Cybersecurity

UW-Madison - Policy Portfolio - Cybersecurity Portfolio List

These are all UW-Madison cybersecurity policies that are registered with the Office of Cybersecurity. Closely related policies are grouped together.

The list is primarily useful to UW-Madison IT Staff. For a general list of campus IT policies, see:

Table of Contents

  • These eight portfolios cover all cybersecurity policies and policy-related documents. Documents identified as "IT Policy" are developed and mantained by the Office of the CIO and are approved by the Information Technology Committee. Relevant documents from UW System and from other UW-Madison Schools, Colleges and Divisions are included in each portfolio. The Policy Planning and Analysis Team and the Office of the CIO cooperate with others to help ensure consistency.

Acquisition and Development

Acquisition and Development addresses the selection, acquiring or development of any IT asset, including hardware, software, data, and IT services.


Related Documents

Configuration and Maintenance

Configuration and Maintenance addresses how IT devices and software are managed and maintained to ensure correct and secure operation.


Related Documents

  • None

Contingency Planning

Contigency Planning addresses what is to be done to account for a possible situation or event, particularly ones that involve IT, that may be harmful or disruptive to operations.


Related Documents

Education, Training and Awareness

Education, Training and Awareness addresses IT-related information that faculty, staff, and students should understand in order to properly act within their role at UW.


  • Accounting Services - Credit Card Merchant Services and PCI Compliance (training, disposal) (on
  • HIPAA (on

    • 8.7 Destruction/Disposal of PHI
    • 9.1 HIPAA Privacy and Security Training
    • 9.2 Responding to Employee Noncompliance related to HIPAA
    • 9.3 Responding to Student Noncompliance related to HIPAA
  • IT Policy

  • UW System (on

  • Related Documents

    Identity and Access Management

    Identity and Access Management (IAM) addresses online and physical access to assets and data, specifically how a person or resource is identified, the resoures that can be accessed, and what can be done with that access.


    Related Documents

    Monitoring and Mitigation

    Monitoring and Mitigation addresses how IT assets and resources are monitored for vulnerablities or unauthorized access, and how corrective action is taken.


    Related Documents


    Privacy addresses the protection of privacy in an IT environment.


    • Faculty Senate - Access to Faculty and Staff Electronic Files Policy

    • HIPAA (on

      • 2.1 Notice of Privacy Practices (NPP)
      • 3.2 Uses and Disclosures of Protected Health Information That Require Patient Authorization
      • 3.3 Uses and Disclosures of PHI Not Requiring Patient Authorization
      • 3.4 Uses and Disclosures of PHI That Require Providing Patient with an Opportunity to Agree or Object
      • 3.5 Uses and Disclosures of Protected Health Information for Education and Training
      • 3.6 Uses and Disclosures of Protected Health Information for Marketing
      • 3.7 Uses and Disclosures of Protected Health Information for Fundraising
      • 3.8 Minimum Necessary Standard
      • 3.9 Verifying Identity and Authority of Persons Seeking Disclosure of a Patient's PHI
      • 3.10 Designated Record Set
      • 3.11 Sale of Protected Health Information Generally Prohibited
      • 5.1 De-identification of Protected Health Information Under the HIPAA Privacy Rule
      • 5.2 Creation of a Limited Data Set Under the HIPAA Privacy Rule
      • 7.1 Requests by Patients for an Accounting of Certain Disclosures
      • 7.2 Requests by Patients to Amend Protected Health Information
      • 7.3 Requests by Patients for Alternative Confidential Communications
      • 7.4 Requests by Patients for Access to Inspect and Obtain a Copy of Protected Health Information
      • 7.5 Requests by Patients for Restrictions on Uses and Disclosures of Protected Health Information
      • 8.5 Security of Faxed, Printed, and Copied Documents Containing Protected Health Information
      • 8.6 Email Communication Involving Protected Health Information
      • 10.1 Complaints Under the HIPAA Privacy Rule
    • IT Policy - Collection of Personal Identity Information via Email

    • UW-Madison IT Professionals - Guidelines, Best Practices, and Advice (on

    • UW System - 25-3 Acceptable Use of Information Technology Resources (privacy and security provisions) (on

    Related Documents

    Risk Management

    Risk Management addresses how the protection of IT assets and resources will be balanced with the likelihood and impact of malicious activity and the ability of UW and its affiliates to carry out their missions.


    Related Documents


    Please address questions or comments to


    Keywords:policies index policy requirements requirement requirements, it-security-staff it-staff information-technology security, cloud-services identity-management mobile-devices network personally-owned-devices records-management resource-management security cloud cybersecurity devices identity mobile networking personal personally records resource telecommunications, access archive business-use collection disposal monitoring retention storage transmission distribution, access-control acquisition-and-development configuration-and-maintenance contingency-planning education-and-training monitoring-and-mitigation privacy risk-management access acquisition configuration contingency cdm development education maintenance awareness mitigation monitoring planning risk training seta coop rmf listDoc ID:58557
    Owner:GARY D.Group:IT Policy
    Created:2015-11-27 18:53 CSTUpdated:2019-03-16 13:22 CST
    Sites:IT Policy
    Feedback:  45   1