Policies & Standards

Policies vs. Standards vs. Procedures

Policies are formal statements created by the university that reflect our mission, which in this case is the protection of CSUN’s information and assets.

Standards are rules or actions that must be done to ensure our policies are being followed. They indicate expected behavior and must be enforced.

Procedures are detailed step by step instructions on how to implement or adhere to the standards.

Guidelines are recommended practices that are based on industry-standard practices.

Access Request Forms
Forms	Form Description
Administrative Rights Access Request (PDF)	Use this form to request local administrative rights on your work desktop.
USB Storage Device Exception	Visit this page to learn about dangers of using USB storage devices and how to request an exception.
Confidentiality Statement for Consultants and Independent Contractors (PDF)	Use this form for Consultants and Independent Contractors needing access to CSUN systems and data.
Employee Confidentiality Statement (DOCX)	Use this form for employee access to University data systems containing personal, academic, or financial information about students, faculty, staff, or alumni.
Employee Confidentiality Statement - Faculty (DOCX)	Faculty should use this form for employee access to University data systems containing personal, academic, or financial information about students, faculty, staff, or alumni.
SOLAR Financial Security Access	Visit this page to learn more about CSUN Financial Systems and how to request access.
SOLAR Student Administration Security Access	Visit this page to learn more about Student administration and how to request access.
SOLAR Human Resources Security Access (PDF)	Use this form to request access HR resources such as approving time and absence.

Access Control

CSUN Password Standards and Guidelines (PDF)

Additional Resources:

CSU Data Classification (Level 1 vs. Level 2 vs. Level 3 data)
CSUN Information Security Plan
Family Educational Rights and Privacy Act (FERPA)
Payment Card Industry Data Security Standard (PCI-DSS) (PDF)
CSUN PCI Compliance Review (PDF)
Health Insurance Portability and Accountability Act (HIPAA) (PDF)
Blocklists
Security checklist

Policies
Old Policy No.	New Policy	Standards	Procedures, Guidelines, Executive Orders (EO), Supplemental Policies,(SP)
7100	Identity Access Management
8000	Introduction and Scope Policy Scope Roles & Responsibilities
8005	ISO Domain 5: Information Security Policy
8010	Establishing an Information Security Program Roles and Responsibilities
8015	ISO Domain 6: Organization of Information Security Policy	Roles and Responsibilities
8020	ISO Domain 6: Organization of Information Security	Exceptions Risk Management Strategies (ISO Domain 6: Organization of Information Security Standard)
8025	Privacy of Personal Information
8030	Personnel Information Security Activities (ISO Domain 7: Human Resource Security Policy)	Employment Separations and Position Change (ISO Domain 7: Human Resource Security Standard)
8035	Information Security Training and Awareness Activities (ISO Domain 7: Human Resource Security Policy)	Campus Security Awareness and Training Program (ISO Domain 7: Human Resource Security Standard)
8040	Managing Third Parties ISO Domain 15: Supplier Relationships Policy	ISO Domain 15: Supplier Relationships Standard	VISC Third Party Guidelines (PDF)
8045	Information Technology Security ISO Domain 12: Operations Security Policy ISO Domain 13: Communications Security Policy	Protections Against Malicious Software Programs (ISO Domain 12: Operations Security Standard) Boundary Protection and Isolation (ISO Domain 13: Communications Security Standard) Remote Access to CSU Resources (ISO Domain 12: Operations Security Standard) Mobile Device Management (ISO Domain 12: Operations Security Standard) Logging Elements (ISO Domain 12: Operations Security Standard)	Registration of Internet Devices (PDF) Network Hardware Standard (PDF) Log/Event Management Guidelines (PDF)
8050	Configuration Management (ISO Domain 12: Operations Security Policy)	Common Workstation Minimum Configuration Requirements (ISO Domain 12: Operations Security Standard) High Risk/Critical Workstation Standard (ISO Domain 12: Operations Security Standard)	Patch Management Process and Compliance Review Procedure (PDF) Sever Security Baseline Standard (PDF) Computing Device Anti-Virus Software (PDF) Desktop Security Lockout (PDF) Vulnerability Management Procedure for Servers (PDF) Secure Printing Guidelines
8055	Change Control (ISO Domain 12: Operations Security Policy)	Change Control (ISO Domain 12: Operations Security Standard)	Change Management Control (PDF)
8060	ISO Domain 9: Access Control Policy	ISO Domain 12: Access Control Standard	Password Standards and Guidelines (PDF) CSUN User ID (PDF) Access Control for Decentralized Level 1 Applications (PDF) Administrative Rights to Computers
8065	ISO Domain 8: Asset Management Policy	ISO Domain 8: Asset Management Standard Data Classification Levels (Asset Management ISO Domain 8 Standard) Cloud Storage and Services (ISO Domain 8: Asset Management Standard)	EO 1031: Systemwide Records Retention and Disposition (PDF) CSUN Information Security Data Classification Protection of Confidential and Internal Use of Electronic Information (PDF) Digital Media - Data Sanitization Standard (PDF) CSU Records Retention and Disposition Schedules Data Masking Procedure (PDF)
8070	ISO Domain 14: System Acquisition, Development and Maintenance Policy	Application Security Standard (ISO Domain 14: Systems Acquisition Standard)	CSUN Application Development Standard (PDF) Vulnerability Management Procedure for Websites and Web Applications (PDF)
8075	ISO Domain 16: Incident Management Policy	ISO Domain 16: Incident Management Standard	Information Security Incidence Response Procedures (PDF)
8080	ISO Domain 11: Physical and Environmental Security Policy	ISO Domain 11: Physical and Environmental Security Standard
8085	ISO Domain 17: Information Security Aspects of Business Continuity Management Policy		EO 1031: Business Continuity & Vital Records (PDF)
8090	ISO Domain 18: Compliance Policy		CSU HIPAA Policy (PDF) PCI Compliance Review Process (PDF) SP 650-30: Student Records Administration (FERPA) (PDF) SP 3000: ICSUAM General Accounting (PDF) SP 3102.05: Debit/Credit Card Payment Policy (PDF)
8095	Enforcement
8100	Electronic Signatures, Digital Signatures (ISO Domain 10: Cryptography Policy)	Acceptable Use of Electronic and Digital Signatures (ISO Domain 10: Cryptography Standard
8105	Responsible Use Policy

Contact Us

Policies & Standards

Policies vs. Standards vs. Procedures

Access Control

Contact Us