IT PolicyExternal KB : IT Policy Activity, Jul 2018

IT Policy Activity, Jul 2018

Posted: 2018-06-19 08:00:00   Expiration: 2018-07-26 18:00:00

The itpolicy-announce list communicates policy changes and opportunities to participate in development. Anyone may join by sending a blank email to join-itpolicy-announce@lists.wisc.edu.

Previous month | Next month

Change History

• Published on 6/28.

Opportunities to help shape IT policy

• The next IT Policy Forum will be August 2, 12:00-1:30, Rm 159 Education Bldg. (1000 Bascom Mall). Topic: Cloud Strategy.

• The Information Incident Reporting and Response Policy and Procedures will be reviewed and revised this Summer and Fall. The PAT Incident Response Subcommittee will make recommendations.

• The Encryption Policy and Standard is being reviewed and revised this Summer and Fall. The PAT Encryption Subcommittee will make recommendations. Review this month will be at the UW-Madison Information Security Team meeting on Jul 12, 2:00-3:30, Rm 3139 CS, and the Policy Planning and Analysis Team meeting on Jul 13, 2:00-3:30, Rm 3139AB CS. You are welcome to attend.

• The Password Standard will be reviewed and revised this Summer. The Identity and Access Management Council (IAM Council) will make recommendations. Review this month will be at the UW-Madison Information Security Team meeting on Jul 12, 2:00-3:30, Rm 3139 CS, and the Policy Planning and Analysis Team meeting on Jul 13, 2:00-3:30, Rm 3139AB CS. You are welcome to attend.

• The PAT Policy Portfolio Subcommittee helps organize and manage topic-oriented portfolios of IT policies. The team is currently working on the Digital Accessibility portfolio, of which Web Accessibility is a significant part. Next meeting is Mon, Jul 30, 1:00-2:00, Rm 2281 CS. You are welcome to attend.

• The Web Accessibility Policy and Procedures will be reviewed and revised during the 2018-2019 academic year. Current plan is to form a policy stakeholders team, to begin meeting in October. Please contact accessibility@cio.wisc.edu or policy@cio.wisc.edu if you are interested in participating.

• To comment, or otherwise get involved, please email policy@cio.wisc.edu.

New / Revised Documents

• The Network Firework Firewall Policy and Implementation Plan were issued on Jun 18. Review and revision will begin in September.

• See the Last Reviewed / Revised List for earlier activity.

• For questions or comments, please email policy@cio.wisc.edu.

Endorsement / Approval Pending

• The Network Firewall Policy and Implementation Plan will be reviewed by the ITC this Fall.

• Accelerated revision of the Password Standard is occurring this Summer and Fall in order to better align with UW System policy. The proposal is to move to the new guidance in NIST SP 800-63-3. For an overview of the practical effect of the new guidance see "How to select, manage & protect your passwords". The IAM Council will make recommendations.

• Accelerated review and revision of the Encryption Policy and Standard is under way this Summer and Fall in order to better align with UW System policy. The PAT Encryption Subcommittee will make recommendations.

• To comment, or suggest additional documents that need to be developed or revised, please email policy@cio.wisc.edu.

Forums / Events

• The next IT Policy Forum will be August 2, 12:00-1:30, Rm 159 Education Bldg (1000 Bascom Mall).

  Topic: Cloud Strategy.
  Speaker: Joe Johnson, Office of the CIO, Cloud Strategist.
  Introduction by Lois Brooks, Vice Provost for Information Technology and CIO.

• To comment, or suggest future topics, please email policy@cio.wisc.edu.

Teams / Governance

Policy Planning & Analysis Team (PAT) and its subcommittees

• Fri, Jul 13, 2:00-3:30, Rm 3139AB CS. (Please note the change in date and time.)

  • Review the draft revision of the following documents:

    • Encryption Policy and Standard.
    • Password Standard.

  • Receive report from the following subcommittees:

    • IT Assets
    • Incident Response
    • Communications
    • Portfolio
    • Process

  • The PAT normally meets on the first Friday of the month, 1:30-3:00 in Rm 3139 CS. You are welcome to attend.

• PAT Executive Committee meeting, Fri, Jul 20, 2:15-3:15, Rm 2147 CS.

  • Planning for the Jul PAT plenary meeting.

  • The PAT Executive Committee meets on the third Friday of the month, 2:15-3:15, Rm 2147 CS. You are welcome to attend.

• PAT Subcommittees:

  • Communications Subcommittee (ongoing): Communications of policy development and published IT policies, including IT Policy Forums, the IT Policy Knowledgebase, and policy-related web pages on it.wisc.edu. Next meeting is Wed, Jul 18, 10:00-11:00, Rm 2281 CS.

  • Portfolio Subcommittee (ongoing): Organizing and managing IT policies as portfolios of related policies. Next meeting will be Mon, Jul 30, 1:00-2:00, Rm 2281 CS.

  • Process Subcommittee (ongoing): Monitoring and improving the process of IT policy development. Next meeting will be Mon, Jul 9, 11:00-12:00, Rm 2147 CS.

  • For more information please contact policy@cio.wisc.edu.

• Policy-related activity by other teams:

  • IAM Council: Working on recommendations for revision of the Password Standard, and on implementation of multi-factor authentication.

  • For more information please contact policy@cio.wisc.edu.

UW-Madison Information Security Team (UW-MIST)

• Jul 12, 2:00-3:30, Rm 3139 CS.

  • Discuss the following IT-policy-related topics:

    • Future action on the Network Firewall Policy and Implementation Plan.
    • Review the draft Encryption Policy and Standard.
    • Review proposed parameters for revision of the Password Standard.

  • Discuss the upcoming UW System audit.

• Contact cybersecurity@cio.wisc.edu.

Previous month | Next month

-- IT Policy: GARY DE CLUTE