FSU has established standards that provide security and privacy requirements and best practices that support and supplement FSU Technology Policies. These requirements and best practices preserve the confidentiality, integrity and availability of the university’s information technology assets and safeguard these assets from unauthorized access or threats that could harm the university or members of the university community.
4-OP-H-25.01 Data Security Standard
Defines security and privacy requirements for protecting the confidentiality, integrity and availability of FSU information that is accessed, collected, stored, processed or transmitted by users
4-OP-H-25.02 Information Privacy Standard
Establishes a university-wide privacy program that respects and protects the privacy of students, alumni, faculty and staff, and safeguards information resources from loss, misuse and unauthorized access or modification
4-OP-H-25.03 IT Security Configuration Management Standard
Sets requirements for implementing and maintaining secure configurations for IT assets to minimize operational malfunctions, external threat intrusions and vulnerabilities and unauthorized data disclosures
4-OP-H-25.04 IT Network Security Standard
Monitors and protects the university’s IT networks and associated systems, services and applications from abuse, attacks and inappropriate use
4-OP-H-25.05 Bring Your Own Device Standard
Provides requirements for the use of personally owned devices that connect to FSU technology resources, conduct FSU business or interact with internal university networks and business systems
4-OP-H-25.06 IT Security and Privacy Training Standard
Identifies baseline IT training requirements for all users, based on users’ roles, responsibilities and their access to FSU data and IT resources
4-OP-H-25.07 IT Access, Authorization and Authentication Standard
Defines identity management and access controls that protect IT resources from unauthorized use or access to devices, systems, services and applications
4-OP-H-25.08 IT Physical Security Standard
Describes the requirements for protecting campus facilities that host university information resources from threats, including the risk of loss, theft, damage, interruption or unauthorized access
4-OP-H-25.09 IT Vulnerability Management Standard
Establishes a framework for identifying, assessing and remediating IT vulnerabilities on devices connected to FSU networks that could pose a significant threat to the university network and other IT resources
4-OP-H-25.10 IT Log Collection, Analysis and Retention Standard
Provides guidance on the maintenance of log data, which assists with detecting, analyzing, preventing and responding to potential information security incidents related to FSU systems
4-OP-H-25.11 IT Incident Response Standard
Outlines the requirements for detecting, analyzing, prioritizing and handling IT security incidents to minimize the loss of information and disruption of services caused by an incident
4-OP-H-25.12 IT Disaster Recovery Planning Standard
States the requirements for IT disaster recovery planning to facilitate the timely recovery and restoration of FSU IT systems that support access to critical business functions and data
4-OP-H-25.13 IT Third-Party Vendor Management Standard
Explains the requirements necessary to ensure contracts and agreements with third parties involving IT resources, cloud or other outsourced services guarantee compliance with FSU security policies and standards
4-OP-H-25.14 Encryption Standard
Defines requirements for the use of encryption technologies to protect FSU data and resources that are stored or transmitted over networks
4-OP-H-25.15 IT Data Disposal and Media Sanitization Standard
Delineates the requirements for proper disposal of electronic data and media to prevent unauthorized access to or disclosure of institutional information
4-OP-H-25.16 IT Application Secure Coding Standard
Ensures IT applications developed or administered by FSU reflect secure coding practices to reduce the likelihood of unauthorized disclosure or theft of sensitive institutional information
4-OP-H-25.17 IT Enterprise Integration Security Standard
Provides requirements for integration with IT enterprise systems that minimize the vulnerability of systems to external attacks, unauthorized disclosure of information and unauthorized access to interfaces or system configurations
4-OP-H-25.18 Risk Management Standard
Establishes requirements for risk management through security assessment and planning as required by regulations with which the university must comply
4-OP-H-25.19 Defining Consolidated University Units Standard
Identifies an IT security and privacy organizational structure and establishes roles and responsibilities to facilitate more effective university-wide IT risk management
Resources
4-OP-H-25.20 Request for Exception to IT Security Policy
Method for requesting an exception to FSU IT security or privacy policy requirements to address circumstances where strict compliance cannot be met
IT Roles and Responsibilities
Defines key roles and responsibilities related to IT security and privacy policies and standards
IT Glossary
Alphabetical list of terms and definitions for words and titles used throughout IT standards