Main menu (IT)

Policies and Standards

Policies vs. Standards vs. Procedures

Policies are formal statements created by the university that reflect our mission, which in this case is the protection of CSUN’s information and assets.

Standards are rules or actions that must be done to ensure our policies are being followed. They indicate expected behavior and must be enforced.

Procedures are detailed step by step instructions on how to implement or adhere to the standards.

Guidelines are recommended practices that are based on industry-standard practices.

Access Request Forms
FormsForm Description
Administrative Rights Access Request(.pdf)Use this form to request local administrative rights on your work desktop.
USB Storage Device ExceptionVisit this page to learn about dangers of using USB storage devices and how to request an exception.
Confidentiality Statement for Consultants and Independent Contractors(.pdf)Use this form for Consultants and Independent Contractors needing access to CSUN systems and data.
Employee Confidentiality Statement(.docx)Use this form for employee access to University data systems containing personal, academic, or financial information about students, faculty, staff, or alumni.
Employee Confidentiality Statement - Faculty(.docx)Faculty should use this form for employee access to University data systems containing personal, academic, or financial information about students, faculty, staff, or alumni.
SOLAR Financial Security AccessVisit this page to learn more about CSUN Financial Systems and how to request access.
SOLAR Student Administration Security AccessVisit this page to learn more about Student administration and how to request access.
SOLAR Human Resources Security Access(.pdf)Use this form to request access HR resources such as approving time and absence.

Additional Resources:

Policy No. Policy StandardsProcedures, Guidelines, Executive Orders (EO), Supplemental Policies,(SP)

Identity Access Management


Introduction and Scope


Policy Management


Establishing an Information Security Policy


Organizing Information Security

8015.S000: Information Security Roles Responsibilities (.pdf) 
8020Information Security Risk Management

8020.S000: Exception Standard (.pdf)

8020.S001: Risk Assessment Standard (.pdf)

8025Privacy of Personal Information 

CSUN Privacy of Personal Information (.pdf) 

Privacy Notice


Personnel Information Security

8030.S000: Personnel Security Standard (.pdf) 

8035Information Security Awareness and Training

8035.S000: Security Awareness Training (.pdf)   

8040Managing Third Parties

8040.S001: Third Party Security (.pdf)

VISC Third Party Guidelines (.pdf)     
8045Information Technology Security

8045.S200: Malicious Software Protection (.pdf)    

8045.S300: Network Controls Management (.pdf)  

8045.S301: Boundary Protection and Isolation (.pdf)  

8045.S302: Remote Access to CSU Resources (.pdf)  

8045.S400: Mobile Device Management (.pdf)  

8045.S600: Logging Elements (.pdf)

Registration of Internet Devices (.pdf)   

Network Hardware Standard (.pdf)  

Log/Event Management Guidelines (.pdf)   

8050Configuration Management

8050.S100: Common Workstation Standard (.pdf)

8050.S200: High-Risk Workstation Standard (.pdf)

Patch Management Process and Compliance Review Procedure (.pdf)  

Sever Security Baseline Standard (.pdf)

Computing Device Anti-Virus Software (.pdf)

Desktop Security Lockout (.pdf)

Vulnerability Management Procedure for Servers (.pdf)

Secure Printing Guidelines

8055 Change Control

8055.S01: Change Control (.pdf)

Change Management Control (.pdf)
8060 Access Control

8060.S000: Access Control (.pdf)

8060.S000: Access Control - Appendix A (.pdf)

Password Standards and Guidelines (.pdf)

CSUN User ID (.pdf)

Access Control for Decentralized Level 1 Applications (.pdf)

Administrative Rights to Computers

8065Information Asset Management

8065.S001: Information Security Asset Management (.pdf)

8065.S02: Information Security Data Classification (.pdf)

8065.S003: Cloud Storage and Services (.pdf)

EO 1031: Systemwide Records Retention and Disposition (.pdf)

CSUN Information Security Data Classification

Protection of Confidential and Internal Use of Electronic Information (.pdf)

Digital Media - Data Sanitization Standard (.pdf)

CSU Records Retention and Disposition Schedules

8070Information Systems, Acquisition, Development, and Maintenance8070.S000: Application Security Form (.pdf)

CSUN Application Development Standard (.pdf)

Vulnerability Management Procedure for Websites and Web Applications (.pdf)

8075Information Security Incident Management

8075.S000: Information Security Incident Management (.pdf)

Information Security Incidence Response Procedures (.pdf)
8080Physical Security

8080.S01: Physical & Environmental Security (.pdf)


Business Continuity & Disaster Recovery

 EO 1031: Business Continuity & Vital Records (.pdf)

CSU HIPAA Policy (.pdf)  

PCI Compliance Review Process (.pdf)

SP 650-30: Student Records Administration (FERPA) (.pdf) 

SP 3000: ICSUAM General Accounting (.pdf)   

SP 3102.05: Debit/Credit Card Payment Policy (.pdf)  


Policy Enforcement

8100Electronic and Digital Signatures

8100.S01: Electronic and Digital Signature Standards and Procedures (.pdf)


Responsible Use Policy