IT Security Standards

�㽶��ƵBoard of Regents Policy 02.07, the �㽶��ƵInformation Security Program, and this body of IT Security Standards apply to the �㽶��ƵSystem and all users of UA computing resources. These standards are reviewed and approved by the CIO Management Team (CMT), a system-wide governance group consisting of each university CIO, the �㽶��ƵCITO, and the �㽶��ƵCISO.

RECENT UPDATES	COMING SOON
Acceptable Use of Information Resources UPDATED Generative AI Security Standard see also: GenAI at UA Password and Authentication Standard Information Security Controls and Exceptions Standard Vulnerability and Patch Management Standard	Minimum Security Standards for Endpoints

GENERAL IT STANDARDS

Acceptable Use of Online Resources UPDATED
Administrative Guidelines: Use of Email (.pdf)
Downloading Copyrighted Materials FAQs
�㽶��ƵCloud Computing Guidelines
�㽶��ƵGuidelines for the Use of Social Media Final
User Extensions Policy

DATA AND ADMIN STANDARDS

Bulk Document Shredding
Data Classification
Retention and Disposition Schedules

SECURITY STANDARDS

Configuring SSL Securely
Encryption Options
Generative AI Security Standard NEW
ID Theft Program
Information Security Controls and Exceptions Standard NEW
InfoSec Breach and Handling Procedure
Information Resource Data and System Classification Standard
Information Security Definitions & Terminology
Minimum Security Standard for Desktop Systems
Mobile Device Security
Password and Authentication Standard NEW
Remote Access Security Requirements
Standards for System Logging
�㽶��ƵSystem Security Guidelines
Vulnerability and Patch Management Standard NEW

PRIVACY POLICIES

BoR & University Policy on FERPA (.pdf)
University of Alaska HIPAA Privacy Policies and Procedures (.pdf)