
UW-Madison - Policy Portfolio - Cybersecurity Portfolio List

These are all UW-Madison cybersecurity policies that are registered with the Office of Cybersecurity. Closely related policies are grouped together.

The list is primarily useful to UW-Madison IT Staff. For a general list of campus IT policies, see: https://kb.wisc.edu/itpolicy/cio-policies.



Contents

  • These eight policy portfolios cover all cybersecurity-related policies and documents that are currently tracked as relevant to IT Policy. The NIST SP 800-53 control families are exhaustively mapped to/from these portfolios at: https://kb.wisc.edu/itpolicy/cybersecurity-policy-control-mapping. The majority of the material aligns with the main portfolio entry of a document. There are additional entries when there is significant overlap with other portfolios.

    Documents identified as "IT Policy" are developed and maintained by the Office of the CIO and are approved by the Information Technology Committee. Relevant documents from UW System and from other UW-Madison Schools, Colleges and Divisions are included in each portfolio. The Policy Planning and Analysis Team and the Office of the CIO cooperate with others to help ensure consistency.


Acquisition and Development

Acquisition and Development addresses the selection, acquisition, or development of any IT asset, including hardware, software, data, and IT services. The cybersecurity-related policies in this portfolio are mapped to the NIST SP 800-53 control families.

Policies

Related Documents


Configuration and Maintenance

Configuration and Maintenance addresses how IT devices and software are managed and maintained to ensure correct and secure operation. The cybersecurity-related policies in this portfolio are mapped to the NIST SP 800-53 control families.

Policies

Related Documents

  • None

Contingency Planning

Contingency Planning addresses what is to be done to account for a possible situation or event, particularly ones that involve IT, that may be harmful or disruptive to operations. The cybersecurity-related policies in this portfolio are mapped to the NIST SP 800-53 control families.

Policies

Related Documents


Education, Training and Awareness

Education, Training and Awareness addresses IT-related information that faculty, staff, and students should understand in order to properly act within their role at UW. The cybersecurity-related policies in this portfolio are mapped to the NIST SP 800-53 control families.

Policies

  • Accounting Services - Credit Card Merchant Services and PCI Compliance (training, disposal) (on bussvc.wisc.edu)
  • HIPAA (on compliance.wisc.edu)

    • 8.7 Destruction/Disposal of PHI
    • 9.1 HIPAA Privacy and Security Training
    • 9.2 Responding to Employee Noncompliance related to HIPAA
    • 9.3 Responding to Student Noncompliance related to HIPAA
  • IT Policy

  • UW System (on wisconsin.edu)

  • Related Documents


    Identity and Access Management

    Identity and Access Management (IAM) addresses online and physical access to assets and data, specifically how a person or resource is identified, the resources that can be accessed, and what can be done with that access. The cybersecurity-related policies in this portfolio are mapped to the NIST SP 800-53 control families.

    Policies

    Related Documents


    Monitoring and Mitigation

    Monitoring and Mitigation addresses how IT assets and resources are monitored for vulnerabilities or unauthorized access, and how corrective action is taken. The cybersecurity-related policies in this portfolio are mapped to the NIST SP 800-53 control families.

    Policies

    Related Documents


    Privacy

    Privacy addresses the protection of privacy in an IT environment. The cybersecurity-related policies in this portfolio are mapped to the NIST SP 800-53 control families.

    Policies

    • Faculty Senate - Access to Faculty and Staff Electronic Files Policy

    • HIPAA (on compliance.wisc.edu)

      • 2.1 Notice of Privacy Practices (NPP)
      • 3.2 Uses and Disclosures of Protected Health Information That Require Patient Authorization
      • 3.3 Uses and Disclosures of PHI Not Requiring Patient Authorization
      • 3.4 Uses and Disclosures of PHI That Require Providing Patient with an Opportunity to Agree or Object
      • 3.5 Uses and Disclosures of Protected Health Information for Education and Training
      • 3.6 Uses and Disclosures of Protected Health Information for Marketing
      • 3.7 Uses and Disclosures of Protected Health Information for Fundraising
      • 3.8 Minimum Necessary Standard
      • 3.9 Verifying Identity and Authority of Persons Seeking Disclosure of a Patient's PHI
      • 3.10 Designated Record Set
      • 3.11 Sale of Protected Health Information Generally Prohibited
      • 5.1 De-identification of Protected Health Information Under the HIPAA Privacy Rule
      • 5.2 Creation of a Limited Data Set Under the HIPAA Privacy Rule
      • 7.1 Requests by Patients for an Accounting of Certain Disclosures
      • 7.2 Requests by Patients to Amend Protected Health Information
      • 7.3 Requests by Patients for Alternative Confidential Communications
      • 7.4 Requests by Patients for Access to Inspect and Obtain a Copy of Protected Health Information
      • 7.5 Requests by Patients for Restrictions on Uses and Disclosures of Protected Health Information
      • 8.5 Security of Faxed, Printed, and Copied Documents Containing Protected Health Information
      • 8.6 Email Communication Involving Protected Health Information
      • 10.1 Complaints Under the HIPAA Privacy Rule
    • IT Policy - Collection of Personal Identity Information via Email

    • UW-Madison IT Professionals - Guidelines, Best Practices, and Advice (on it.wisc.edu)

    • UW System - 25-3 Acceptable Use of Information Technology Resources (privacy and security provisions) (on wisconsin.edu)

    Related Documents


    Risk Management

    Risk Management addresses how the protection of IT assets and resources will be balanced with the likelihood and impact of malicious activity and the ability of UW and its affiliates to carry out their missions. The cybersecurity-related policies in this portfolio are mapped to the NIST SP 800-53 control families.

    Policies

    Related Documents

    Contact

    Please address questions or comments to itpolicy@cio.wisc.edu.

    References




    Doc ID: 58557
    Owner: Tim B.
    Group: IT Policy
    Created: 2015-11-27 19:53:33
    Updated: 2022-08-31 16:05:54
    Sites: IT Policy
    CleanURL: https://kb.wisc.edu/itpolicy/cybersecurity-policy-list