
Policies and Standards

Policies vs. Standards vs. Procedures

Policies are formal statements created by the university that reflect our mission, which in this case is the protection of CSUN’s information and assets.

Standards are rules or actions that must be done to ensure our policies are being followed. They indicate expected behavior and must be enforced.

Procedures are detailed step by step instructions on how to implement or adhere to the standards.

Guidelines are recommended practices that are based on industry-standard practices.

Access Request Forms
| Form | Form Description |
| --- | --- |
| Administrative Rights Access Request (.pdf) | Use this form to request local administrative rights on your work desktop. |
| USB Storage Device Exception | Visit this page to learn about the dangers of using USB storage devices and how to request an exception. |
| Confidentiality Statement for Consultants and Independent Contractors (.pdf) | Use this form for Consultants and Independent Contractors needing access to CSUN systems and data. |
| Employee Confidentiality Statement (.docx) | Use this form for employee access to University data systems containing personal, academic, or financial information about students, faculty, staff, or alumni. |
| Employee Confidentiality Statement - Faculty (.docx) | Faculty should use this form for employee access to University data systems containing personal, academic, or financial information about students, faculty, staff, or alumni. |
| SOLAR Financial Security Access | Visit this page to learn more about CSUN Financial Systems and how to request access. |
| SOLAR Student Administration Security Access | Visit this page to learn more about Student administration and how to request access. |
| SOLAR Human Resources Security Access (.pdf) | Use this form to request access to HR resources such as approving time and absence. |

Access Control

CSUN Password Standards and Guidelines (.pdf)

Additional Resources:

 Policies
Old Policy No. | New Policy | Standards | Procedures, Guidelines, Executive Orders (EO), Supplemental Policies (SP)
7100

Identity Access Management

  
8000

Introduction and Scope

Policy

Scope

Roles & Responsibilities

 

 
8005

ISO Domain 5: Information Security Policy

  
8010

Establishing an Information Security Program 

Roles and Responsibilities

 

 

 
8015

ISO Domain 6: Organization of Information Security Policy

Roles and Responsibilities 
8020

ISO Domain 6: Organization of Information Security

Exceptions

Risk Management Strategies (ISO Domain 6: Organization of Information Security Standard)

 
8025

Privacy of Personal Information

  
8030

Personnel Information Security Activities (ISO Domain 7: Human Resource Security Policy)

Employment Separations and Position Change (ISO Domain 7: Human Resource Security Standard)

 
8035

Information Security Training and Awareness Activities (ISO Domain 7: Human Resource Security Policy)

Campus Security Awareness and Training Program (ISO Domain 7: Human Resource Security Standard)

 
8040

Managing Third Parties

ISO Domain 15: Supplier Relationships Policy

ISO Domain 15: Supplier Relationships Standard

VISC Third Party Guidelines (.pdf)     
8045

Information Technology Security

ISO Domain 12: Operations Security Policy

ISO Domain 13: Communications Security Policy

 

 

Protections Against Malicious Software Programs (ISO Domain 12: Operations Security Standard)

Boundary Protection and Isolation (ISO Domain 13: Communications Security Standard)

Remote Access to CSU Resources (ISO Domain 12: Operations Security Standard)

Mobile Device Management (ISO Domain 12: Operations Security Standard)

Logging Elements (ISO Domain 12: Operations Security Standard)

 

Registration of Internet Devices (.pdf)   

Network Hardware Standard (.pdf)  

Log/Event Management Guidelines (.pdf)   

8050

Configuration Management (ISO Domain 12: Operations Security Policy)

 

 

Common Workstation Minimum Configuration Requirements (ISO Domain 12: Operations Security Standard)

High Risk/Critical Workstation Standard (ISO Domain 12: Operations Security Standard)

 

Patch Management Process and Compliance Review Procedure (.pdf)  

Server Security Baseline Standard (.pdf)

Computing Device Anti-Virus Software (.pdf)

Desktop Security Lockout (.pdf)

Vulnerability Management Procedure for Servers (.pdf)

Secure Printing Guidelines

8055

Change Control (ISO Domain 12: Operations Security Policy)

Change Control (ISO Domain 12: Operations Security Standard)

Change Management Control (.pdf)
8060

ISO Domain 9: Access Control Policy

 ISO Domain 12: Access Control Standard

Password Standards and Guidelines (.pdf)

CSUN User ID (.pdf)

Access Control for Decentralized Level 1 Applications (.pdf)

Administrative Rights to Computers

8065

ISO Domain 8: Asset Management Policy

 

ISO Domain 8: Asset Management Standard

Data Classification Levels (Asset Management ISO Domain 8 Standard)

Cloud Storage and Services (ISO Domain 8: Asset Management Standard)

 

EO 1031: Systemwide Records Retention and Disposition (.pdf)

CSUN Information Security Data Classification

Protection of Confidential and Internal Use of Electronic Information (.pdf)

Digital Media - Data Sanitization Standard (.pdf)

CSU Records Retention and Disposition Schedules

Data Masking Procedure (.pdf)

8070

ISO Domain 14: System Acquisition, Development and Maintenance Policy

Application Security Standard (ISO Domain 14: Systems Acquisition Standard)

CSUN Application Development Standard (.pdf)

Vulnerability Management Procedure for Websites and Web Applications (.pdf)

8075

ISO Domain 16: Incident Management Policy

ISO Domain 16: Incident Management Standard

Information Security Incidence Response Procedures (.pdf)
8080

ISO Domain 11: Physical and Environmental Security Policy

ISO Domain 11: Physical and Environmental Security Standard

 
8085

ISO Domain 17: Information Security Aspects of Business Continuity Management Policy

 EO 1031: Business Continuity & Vital Records (.pdf)
8090

ISO Domain 18: Compliance Policy

CSU HIPAA Policy (.pdf)  

PCI Compliance Review Process (.pdf)

SP 650-30: Student Records Administration (FERPA) (.pdf) 

SP 3000: ICSUAM General Accounting (.pdf)   

SP 3102.05: Debit/Credit Card Payment Policy (.pdf)  

8095

Enforcement

  
8100

Electronic Signatures, Digital Signatures (ISO Domain 10: Cryptography Policy)

Acceptable Use of Electronic and Digital Signatures (ISO Domain 10: Cryptography Standard)

 
8105

Responsible Use Policy