IT Security Standards

Ů�źϼ� Board of Regents Policy 02.07, the Ů�źϼ� Information Security Program, and this body of IT Security Standards apply to the Ů�źϼ� System and all users of Ů�źϼ� computing resources. These standards are reviewed and approved by the CIO Management Team (CMT), a system-wide governance group consisting of each university CIO, the Ů�źϼ� CITO, and the Ů�źϼ� CISO.

RECENT UPDATES	COMING SOON
Acceptable Use of Information Resources UPDATED Generative AI Security Standard see also: GenAI at Ů�źϼ� Password and Authentication Standard Information Security Controls and Exceptions Standard Vulnerability and Patch Management Standard	Minimum Security Standards for Endpoints

GENERAL IT STANDARDS

Acceptable Use of Online Resources UPDATED
Administrative Guidelines: Use of Email (.pdf)
Downloading Copyrighted Materials FAQs
Ů�źϼ� Cloud Computing Guidelines
Ů�źϼ� Guidelines for the Use of Social Media Final
User Extensions Policy

DATA AND ADMIN STANDARDS

Bulk Document Shredding
Data Classification
Retention and Disposition Schedules

SECURITY STANDARDS

Configuring SSL Securely
Encryption Options
Generative AI Security Standard NEW
ID Theft Program
Information Security Controls and Exceptions Standard NEW
InfoSec Breach and Handling Procedure
Information Resource Data and System Classification Standard
Information Security Definitions & Terminology
Minimum Security Standard for Desktop Systems
Mobile Device Security
Password and Authentication Standard NEW
Remote Access Security Requirements
Standards for System Logging
Ů�źϼ� System Security Guidelines
Vulnerability and Patch Management Standard NEW

PRIVACY POLICIES

BoR & University Policy on FERPA (.pdf)
University of Alaska HIPAA Privacy Policies and Procedures (.pdf)