University of Wisconsin KnowledgeBase : IT Policy Activity, Apr 2018

IT Policy Activity, Apr 2018

Posted: 2018-03-29 07:00:00   Expiration: 2018-04-26 16:00:00

The itpolicy-announce list communicates policy changes and opportunities to participate in development. Anyone may join by sending a blank email to join-itpolicy-announce@lists.wisc.edu.

Previous month | Next month

Change History

• Apr announcements published on 3/29.
• Updated on 4/13 and 4/23. See red underlined text for new information.

Opportunities to help shape IT policy

• There will be an IT Policy Forum on April 26, 1:00-2:30, Rm 3139 CS. Topic: Digital Accessibility Policy.

• The Information Incident Reporting and Response Policy and Procedures will be reviewed and revised this Summer and Fall by the newly formed PAT Incident Response Subcommittee.

• The recently formed PAT Policy Portfolio Subcommittee helps organize IT policies into topic-oriented portfolios, for example, Cybersecurity Access Control, Digital Accessibility, or IT Resource Management. Over time, the Subcommittee will systematically cycle through the portfolios and make recommendations to the PAT on the organization, maintenance, and expansion of the documents.

• To comment, or otherwise get involved, please email policy@cio.wisc.edu.

New / Revised Documents

• The Cybersecurity Risk Management Policy and Implementation Plan were issued on March 16.

• See the Last Reviewed / Revised List for earlier activity.

• For questions or comments, please email policy@cio.wisc.edu.

Endorsement / Approval Pending

• The draft Network Firewall Policy was reviewed by the Advanced Threat Protection Steering Committee (ATP SC) on Sep 21, the Policy Planning and Analysis Team (PAT), on Sep 26, and the UW-Madison Information Security Team (UW-MIST) on Oct 5. During February, the documents were further vetted with UW-MIST, the ATP Steering Committee, and others. The PAT forwarded the draft policy for considerated by IT governance beginning in April.

• Accelerated revision of the Password Standard is occurring this Summer in order to better align with UW System policy. The proposal is to move to the new guidance in NIST SP 800-63-3. For an overview of the new guidance see "How to select, manage & protect your passwords". The newly formed IAM Steering Group will make recommendations.

• Review and revision of the Information Incident Reporting and Response Policy and Procedures will occur this Summer and Fall. The PAT Incident Response Subcommittee will make recommendations.

• Accelerated review and revision of the Storage and Encryption Policy and Standard is occuring this summer in order to better align with UW System policy. The PAT Encryption Subcommittee will make recommendations.

• To comment, or suggest additional documents that need to be developed or revised, please email policy@cio.wisc.edu.

Forums / Events

• The next IT policy forum is April 26, 1:00-2:30, Rm 3139 CS. Topic: Digital Accessibility Policy.

• There was a Cybersecurity Listening Session on April 4, 1:00-2:00, 1360 Genetics Bldg. Topic: The new password standard from the National Institute for Standards and Technology. For an overview of the new standard see "How to select, manage & protect your passwords".

• To comment, or suggest future topics, please email policy@cio.wisc.edu.

Teams / Governance

Infrastructure Technology Advisory Group (ITAG)

• Mon, May 21, 3:00-4:40, Room B109 CS.

  • Review draft Network Firewall Policy (tentative).

Policy Planning & Analysis Team (PAT) and its subcommittees

• PAT plenary meeting, Apr 06, Notes.

  • Network Firewall Policy.
  • Aligning IT Policy with UW System Policy
  • Cybersecurity Risk Management Policy Implementation Plan

  • The PAT meets on the first Friday of the month, 1:30-3:00 in Rm 3139 CS. You are welcome to attend.

• PAT Communications Subcommittee meeting, Notes.

  • Preparation for the April 26 IT Policy Forum.
  • IT Policy KB review.

  • The PAT communications subcommittee meets on the third Wednesday of the month, 10:00-11:00, Rm 2281 CS. You are welcome to attend.

• PAT Executive Committee meeting, Notes.

  • Status of PAT subcommittees.
  • Planning for the May PAT plenary meeting.

  • The PAT Executive Committee meets on the third Friday of the month, 2:15-3:15, Rm 2147 CS. You are welcome to attend.

• Other PAT Subcommittees:

  • Encryption Subcommittee: Making accelerated recommendations on alignment with UW System policy. Next meeting will be Wed,May 9, 3:30-4:30, Rm 2147 CS.

  • Incident Response Subcommittee: Review and revision of the UW-Madison Information Incident Reporting and Response Policy and procedures. First meeting will be May 14, 3:00-4:00, Rm TBD.

  • IT Assets Subcommittee: Making accelerated recommendations on the definition of goods and services for which the acquisition or contracting is subject to IT governance policies and procedures. Next meeting will be Mon, May 7, 1:00-2:00 Rm 3139B CS.

  • Policy Impact Subcommittee: Estimating and communicating the impact of new or revised IT policies. Next meeting is waiting for feedback from IT governance on the analysis of the Network Firewall policy.

  • Policy Portfolio Subcommittee: Organizing and managing IT policies as portfolios of related policies. Next meeting will be Wed, May 30, 3:30-4:30, Rm 2147 CS.

  • For more information please contact policy@cio.wisc.edu.

• Policy-related activity by other teams:

  • IAM Steering Group: The team is newly formed. First policy-related topic will be accelerated recommendations on alignment of the UW-Madison Password Standard with UW System policy. First meeting is being scheduled for somtime in May

  • SETA Steering Committee: Team is forming. First policy-related topic will be the SETA Implementation Plan.

  • For more information please contact policy@cio.wisc.edu.

Previous month | Next month

-- IT Policy: GARY DE CLUTE