Information Technology
Information Technology
Home Information Technology Information Security Resources Policies & Standards

Request Assistance

Contact Us

CSUN Information Technology

Monday to Friday, 8am to 5pm

Faculty Technology Center
(818) 677-3443

IT Help Center
(818) 677-1400

Information Security
(818) 677-6100

Universal Design Center
(818) 677-5898

Classroom Support
(818) 677-1500

Send email

Check our social media for changes and updates.

  

instagram icon Twitter  

Policies & Standards

Policies vs. Standards vs. Procedures

Policies are formal statements created by the university that reflect our mission, which in this case is the protection of CSUN’s information and assets.

Standards are rules or actions that must be done to ensure our policies are being followed. They indicate expected behavior and must be enforced.

Procedures are detailed step by step instructions on how to implement or adhere to the standards.

Guidelines are recommended practices that are based on industry-standard practices.

Access Request Forms
Forms Form Description
Administrative Rights Access Request (PDF) Use this form to request local administrative rights on your work desktop.
USB Storage Device Exception Visit this page to learn about dangers of using USB storage devices and how to request an exception.
Confidentiality Statement for Consultants and Independent Contractors (PDF) Use this form for Consultants and Independent Contractors needing access to CSUN systems and data.
Employee Confidentiality Statement (DOCX) Use this form for employee access to University data systems containing personal, academic, or financial information about students, faculty, staff, or alumni.
Employee Confidentiality Statement - Faculty (DOCX) Faculty should use this form for employee access to University data systems containing personal, academic, or financial information about students, faculty, staff, or alumni.
SOLAR Financial Security Access Visit this page to learn more about CSUN Financial Systems and how to request access.
SOLAR Student Administration Security Access Visit this page to learn more about Student administration and how to request access.
SOLAR Human Resources Security Access (PDF) Use this form to request access HR resources such as approving time and absence.

Access Control

CSUN Password Standards and Guidelines (PDF)

Additional Resources:

Cloud Policy

 Policies
Old Policy No.  New Policy  Standards Procedures, Guidelines, Executive Orders (EO), Supplemental Policies,(SP)
7100

Identity Access Management

    
8000

Introduction and Scope

Policy

Scope

Roles & Responsibilities

 

  
8005

ISO Domain 5: Information Security Policy

    
8010

Establishing an Information Security Program 

Roles and Responsibilities

  

 

  
8015

ISO Domain 6: Organization of Information Security Policy

 Roles and Responsibilities  
8020 ISO Domain 6: Organization of Information Security

Exceptions

Risk Management Strategies (ISO Domain 6: Organization of Information Security Standard)

  
8025

Privacy of Personal Information

    
8030

Personnel Information Security Activities (ISO Domain 7: Human Resource Security Policy)

Employment Separations and Position Change (ISO Domain 7: Human Resource Security Standard)

  
8035 Information Security Training and Awareness Activities (ISO Domain 7: Human Resource Security Policy)

Campus Security Awareness and Training Program (ISO Domain 7: Human Resource Security Standard)

  
8040

Managing Third Parties

ISO Domain 15: Supplier Relationships Policy

ISO Domain 15: Supplier Relationships Standard

 VISC Third Party Guidelines (PDF)     
8045

Information Technology Security

ISO Domain 12: Operations Security Policy

ISO Domain 13: Communications Security Policy

 

 

Protections Against Malicious Software Programs (ISO Domain 12: Operations Security Standard)

Boundary Protection and Isolation (ISO Domain 13: Communications Security Standard)

Remote Access to CSU Resources (ISO Domain 12: Operations Security Standard)

Mobile Device Management (ISO Domain 12: Operations Security Standard)

Logging Elements (ISO Domain 12: Operations Security Standard)

Registration of Internet Devices (PDF)   

Network Hardware Standard (PDF)  

Log/Event Management Guidelines (PDF)   
8050 Configuration Management (ISO Domain 12: Operations Security Policy)

 

 

Common Workstation Minimum Configuration Requirements (ISO Domain 12: Operations Security Standard)

High Risk/Critical Workstation Standard (ISO Domain 12: Operations Security Standard)

 

Patch Management Process and Compliance Review Procedure (PDF)  

Server Security Baseline Standard (PDF)

Computing Device Anti-Virus Software (PDF)

Desktop Security Lockout (PDF)

Vulnerability Management Procedure for Servers (PDF)

Secure Printing Guidelines
8055 Change Control (ISO Domain 12: Operations Security Policy)

Change Control (ISO Domain 12: Operations Security Standard)

 Change Management Control (PDF)     
8060 ISO Domain 9: Access Control Policy

ISO Domain 12: Access Control Standard

Password Standards and Guidelines (PDF)

CSUN User ID (PDF)

Access Control for Decentralized Level 1 Applications (PDF)

Administrative Rights to Computers
8065 ISO Domain 8: Asset Management Policy

 

ISO Domain 8: Asset Management Standard

Data Classification Levels (Asset Management ISO Domain 8 Standard)

Cloud Storage and Services (ISO Domain 8: Asset Management Standard)

EO 1031: Systemwide Records Retention and Disposition (PDF)

CSUN Information Security Data Classification

Protection of Confidential and Internal Use of Electronic Information (PDF)

Digital Media - Data Sanitization Standard (PDF)

CSU Records Retention and Disposition Schedules

Data Masking Procedure (PDF)
8070 ISO Domain 14: System Acquisition, Development and Maintenance Policy

Application Security Standard (ISO Domain 14: Systems Acquisition Standard)

CSUN Application Development Standard (PDF)

Vulnerability Management Procedure for Websites and Web Applications (PDF)
8075 ISO Domain 16: Incident Management Policy

ISO Domain 16: Incident Management Standard

 Information Security Incidence Response Procedures (PDF)
8080 ISO Domain 11: Physical and Environmental Security Policy

ISO Domain 11: Physical and Environmental Security Standard

  
8085

ISO Domain 17: Information Security Aspects of Business Continuity Management Policy

   EO 1031: Business Continuity & Vital Records (PDF)
8090 ISO Domain 18: Compliance Policy  

CSU HIPAA Policy (PDF)  

PCI Compliance Review Process (PDF)

SP 650-30: Student Records Administration (FERPA) (PDF) 

SP 3000: ICSUAM General Accounting (PDF)   

SP 3102.05: Debit/Credit Card Payment Policy (PDF)  
8095

Enforcement

    
8100 Electronic Signatures, Digital Signatures (ISO Domain 10: Cryptography Policy)

Acceptable Use of Electronic and Digital Signatures (ISO Domain 10: Cryptography Standard

  
8105

Responsible Use Policy

    

Request Assistance

Contact Us

CSUN Information Technology

Monday to Friday, 8am to 5pm

Faculty Technology Center
(818) 677-3443

IT Help Center
(818) 677-1400

Information Security
(818) 677-6100

Universal Design Center
(818) 677-5898

Classroom Support
(818) 677-1500

Send email

Check our social media for changes and updates.

  

instagram icon Twitter  
Scroll back to the top of the page