Introduction

The Information Security Standard provides a baseline for information security and information technology risk management activities across the University of Richmond. A standards is a mandatory action or rule designed to support and conform to University policies. The information security standard is designed to support and maintain the confidentiality, integrity, and availability of University data and information resources as well as ensure good stewardship of the information assets entrusted to the University by its constituency.

This standard has been created using the National Institute of Standards and Technology (NIST) Special Publication 800-53 Revision 4: Recommended Security Controls for Federal Information Systems and Organizations as a framework.

Scope

This standard applies to all University faculty, staff, students, vendors, contractors, and Affiliates who have access to University Administrative Information (UAI), information resources, and other resources that store, process, or transmit University data or access University systems and/or networks.

Purpose

The standard defines the minimum security requirements that must be applied to University Administrative Information or computing resources.