Main menu (IT)

Policies and Standards

Policies vs. Standards vs. Procedures

Policies are formal statements created by the university that reflect our mission, which in this case is the protection of CSUN’s information and assets.

Standards are rules or actions that must be done to ensure our policies are being followed. They indicate expected behavior and must be enforced.

Procedures are detailed step by step instructions on how to implement or adhere to the standards.

Guidelines are recommended practices that are based on industry-standard practices.

Access Request Forms
FormsForm Description
Administrative Rights Access Request(.pdf)Use this form to request local administrative rights on your work desktop.
USB Storage Device ExceptionVisit this page to learn about dangers of using USB storage devices and how to request an exception.
Confidentiality Statement for Consultants and Independent Contractors(.pdf)Use this form for Consultants and Independent Contractors needing access to CSUN systems and data.
Employee Confidentiality Statement(.docx)Use this form for employee access to University data systems containing personal, academic, or financial information about students, faculty, staff, or alumni.
Employee Confidentiality Statement - Faculty(.docx)Faculty should use this form for employee access to University data systems containing personal, academic, or financial information about students, faculty, staff, or alumni.
SOLAR Financial Security AccessVisit this page to learn more about CSUN Financial Systems and how to request access.
SOLAR Student Administration Security AccessVisit this page to learn more about Student administration and how to request access.
SOLAR Human Resources Security Access(.pdf)Use this form to request access HR resources such as approving time and absence.

Additional Resources:

 Policies
Policy No. Policy StandardsProcedures, Guidelines, Executive Orders (EO), Supplemental Policies,(SP)
7100

Identity Access Management (.pdf)

  
8000

Introduction and Scope (.pdf)

  
8005

Policy Management (.pdf)

  
8010

Establishing an Information Security Policy (.pdf)

  
8015

Organizing Information Security (.pdf)

8015.S000: Information Security Roles Responsibilities (.pdf) 
8020Information Security Risk Management (.pdf)

8020.S000: Exception Standard (.pdf)

8020.S001: Risk Assessment Standard (.pdf)

 
8025Privacy of Personal Information (.pdf) 

CSUN Privacy of Personal Information (.pdf)

Privacy Notice

8030

Personnel Information Security (.pdf)

8030.S000: Personnel Security Standard (.pdf)

 
8035Information Security Awareness and Training (.pdf)

8035.S000: Security Awareness Training (.pdf)

 
8040Managing Third Parties (.pdf)

8040.S001: Third Party Security (.pdf)

VISC Third Party Guidelines (.pdf)
8045Information Technology Security (.pdf)

8045.S200: Malicious Software Protection (.pdf)

8045.S300: Network Controls Management (.pdf)

8045.S301: Boundary Protection and Isolation (.pdf)

8045.S302: Remote Access to CSU Resources (.pdf)

8045.S400: Mobile Device Management (.pdf)

8045.S600: Logging Elements (.pdf)

Registration of Internet Devices (.pdf)

Network Hardware Standard (.pdf)

Log/Event Management Guidelines (.pdf)

8050Configuration Management (.pdf)

8050.S100: Common Workstation Standard (.pdf)

8050.S200: High-Risk Workstation Standard (.pdf)

Patch Management Process and Compliance Review Procedure (.pdf)

Sever Security Baseline Standard (.pdf)

Computing Device Anti-Virus Software (.pdf)

Desktop Security Lockout (.pdf)

Vulnerability Management Procedure for Servers (.pdf)

Secure Printing Guidelines

8055 Change Control (.pdf)

8055.S01: Change Control (.pdf)

Change Management Control (.pdf)
8060 Access Control (.pdf)

8060.S000: Access Control (.pdf)

8060.S000: Access Control - Appendix A (.pdf)

Password Standards and Guidelines (.pdf)

CSUN User ID (.pdf)

Access Control for Decentralized Level 1 Applications (.pdf)

Administrative Rights to Computers

8065Information Asset Management (.pdf)

8065.S001: Information Security Asset Management (.pdf)

8065.S02: Information Security Data Classification (.pdf)

8065.S003: Cloud Storage and Services (.pdf)

EO 1027: Systemwide Records Retention and Disposition (.pdf)

CSUN Information Security Data Classification

Protection of Confidential and Internal Use of Electronic Information (.pdf)

Digital Media - Data Sanitization Standard (.pdf)

CSU Records Retention and Disposition Schedules

8070Information Systems, Acquisition, Development, and Maintenance (.pdf)8070.S000: Application Security (.pdf)

CSUN Application Development Standard (.pdf)

Vulnerability Management Procedure for Websites and Web Applications (.pdf)

8075Information Security Incident Management (.pdf)

8075.S000: Information Security Incident Management (.pdf)

Information Security Incidence Response Procedures (.pdf)
8080Physical Security (.pdf)

8080.S01: Physical & Environmental Security (.pdf)

 
8085

Business Continuity & Disaster Recovery (.pdf)

 EO 1031: Business Continuity & Vital Records (.pdf)
8090Compliance (.pdf) 

CSU HIPAA Policy(.pdf)

PCI Compliance Review Process (.pdf)

SP 650-30: Student Records Administration (FERPA) (.pdf)

SP 3000: ICSUAM General Accounting (.pdf)

SP 3102.05: Debit/Credit Card Payment Policy (.pdf)

8095

Policy Enforcement (.pdf)

  
8100Electronic and Digital Signatures (.pdf)

8100.S01: Electronic and Digital Signature Standards and Procedures (.pdf)

 
8105

Responsible Use Policy (.pdf)