Policy Category | Policy Owner | Version Effective Date | Review Cycle | Policy Contact |
X. Information Governance, Security & Technology | Chief Transformation Officer | March 28, 2023 | Every 2 years | infosec@umgc.edu |
Purpose
The purpose of this policy is to establish information security standards for Security Assessment processes relevant to University of Maryland Global Campus ("UMGC" or "University") Information Technology Resources.
Scope and Applicability
This policy applies to all University Information Systems and Information Technology Resources. Information System Stewards are responsible for adhering to this policy.
Definitions
Defined terms are capitalized throughout this Policy and can be found in the Information Governance Glossary.
Security Assessment
Information System Stewards or their designee should ensure the adherence to the University's Security Assessment Policy to include:
SSPs should be documented and updated to describe system boundaries, system environments of operation, how security requirements are implemented, and the relationships with or connections to other systems on an annual basis or when there is a significant change to the system that could impact the Confidentiality, Integrity, and/or Availability of the system.
At a minimum an SSP must include the following:
Exceptions
Exceptions to this policy should be submitted to the Sr. Director, Information Security for review and approval. If an exception is requested a compensating control or safeguard should be documented and approved.