Skip to Content

California State University Information Security Standards

The system wide standards were developed to support the CSU Information Security Policy.  The following chart describes the relationship between the standards described in this document and the system wide information security policy

Review the CSU System Wide Information Security Standards document

(Note to Reviewers: This section may be significantly revised.  At this point, the information provided below is intended as background for the review process.)

Security Policy Topic

Potential Standards

Information Security Roles & Responsibilities

Campus President
Campus Information Technology Administrator
Information Security Officer

Risk Management

Risk Management /Assessment

Personnel Security

Termination and Position Change
Personnel Vetting
Email Standards

Privacy

Web Site Privacy

Security Awareness and Training

Awareness and Training Activities

Third Party Services Security

Third Party Use of CSU Resources
Contracted Relationships

Information Technology Security

Network Controls Management

Remote Access

Mobile Device Management

Server Guidelines

Boundary Protection and Isolation

Malicious Software Protection

Wireless Access Points

Logging Elements

Configuration Management and Change Control

Change Management

Baseline Management

Access Control

User Account Credentials Management

Password Management

Encryption

User Privilege Authorization and Management

Asset Management

Data Classification

Data Handling

Data Retention

Data Disposal

Clean Desk

Management of Information Systems

Development Management

Web Application Coding

Life Cycle Management

Information Security Incident Management

Evidence Collection

Reporting

Physical Security

Security Zones

Secured Entrance

Secured Infrastructure

Viewing Controls

Data Center Access

Business Continuity and Disaster Recovery

(See Applicable EO)

Legal and Regulatory Compliance

PCI

HIPAA