Items
100 Information Security Program
List of requirements by impacted audience for Policy 100: Information Security Program.
101 Information Security Status Monitoring, Reporting, and Review
List of requirements by impacted audience for Policy 101: Information Security Status Monitoring, Reporting, and Review.
107 Information Technology Business Continuity and Disaster Recovery Planning
List of requirements by impacted audience for Policy 107: Information Security Business Continuity and Disaster Recovery
109 Information Security Incident Reporting, Response, and Recovery
List of requirements by impacted audience for Policy 109: Information Security Incident Reporting, Response, and Recovery
110 Information Technology Change Control and Management
List of requirements by impacted audience for Policy 110: Information Technology Change Control and Management
200 Information Security Classification, Labeling, and Handling
This standard defines classification categories and control zones for data, information, and systems at Washington University in St. Louis (WashU).
200.1 Information Security Awareness, Behavior, and Culture
This standard establishes and describes a cybersecurity awareness training program for the WashU community.
201 Information Security Logging and Event Monitoring
This standard describes logging practices for events occurring within networks and systems of Washington University in St. Louis (WashU).
207 Information Technology Business Continuity and Disaster Recovery Planning
This standard provides a basis for funding decisions for incident response and recovery at Washington University in St. Louis (WashU).
209 Information Security Incident Response and Recovery
This standard establishes processes related to incident detection, response, and containment.
Access Control
Access controls are security protocols that manage and restrict which persons or programs can view or use specific computing resources.
Access Control Standard
This standard and associated guidance establish a university set of standards for information technology to maximize the functionality, security, and interoperability of the information technology assets, including, but not limited to, data classification and management, communications, and encryption technologies.
Access to Faculty or Staff Email, Files, or Systems Policy
The policy and associated guidance provide a well-defined and organized approach for access to faculty or staff electronic information or systems at WashU.
Account Owner
In IT, the account owner most likely refers to the individual, organization, or entity with permission to implement changes within the account.
Advanced Encryption Standard
The Advanced Encryption Standard (AES) is an algorithm that uses a specific encryption procedure to protect...
Anonymous Data
Anonymous data cannot be traced back to the person or entity that supplied it.
Apple Mail
If you need to report a phishing attempt in Apple Mail but don’t have the Phish Alert Button (PAB), follow these steps.
Application
Applications are software designed to perform specific assigned tasks.
Application Security Policy
The policy and associated guidance provide an organized approach for all instances and stages of development initiated for WashU departments or schools. Based on the project requirements, applications are developed in-house, with a third party, or as commercial off-the-shelf (COTS) products. This policy will cover all instances to ensure the appropriate security controls are implemented for applications developed for WashU.
Applied Research
Research conducted to gain the knowledge or understanding to meet a specific, recognized need.
Authentication
Authentication is a way of establishing that the user is who they claim to be before granting access to university systems and data.
Authentication Information
Washington University in St. Louis uses a two-factor (or two-step) authentication service provided by Duo...
Authorization
Possessing official permission or being granted/denied approval by an authoritative source (e.g., owner, steward, automated mechanism) to perform an action or set of activities.
Availability
Availability means data are accessible when you need them.
Basic Research
Research undertaken primarily to acquire new knowledge without any particular application or use in mind.
Biometrics
Biometrics are unique features of individuals, for example, fingerprints, that can identify a specific person.
Certificate
A digital certificate is a digitally signed document with a unique signature, which definitively establishes the identity of an online entity to ensure the legitimacy of a software or website.
Chemical Facility Anti-Terrorism Standards (CFATS)
The Department of Homeland Security has issued Chemical Facility Anti-Terrorism Standards for any facility that manufactures, uses, stores, or distributes certain chemicals above a specified quantity.
Cloud
Cloud computing uses the internet to deliver computing services such as storage in servers, the provision of software, and conducting analytics.
CMMC – How do I know if it is required?
CMMC is required for your project activity if (1) you are handling Federal Contract Information (FCI) or Controlled Unclassified Information (CUI) and...
CMMC – Model Framework
The Cybersecurity Maturity Model Certification (CMMC) framework organizes processes and cybersecurity best practices into a set of 17 capability domains...
CMMC – What information is protected?
CMMC is primarily designed to protect Federal Contract Information (FCI) and Controlled Unclassified Information (CUI)...
CMMC – What is it?
The Cybersecurity Maturity Model Certification (CMMC) is a program of unified standards and frameworks of cybersecurity best practices and controls...
CMMC – Why was it created?
The theft of intellectual property and sensitive information due to malicious cyber activity threatens economic security and national security...
Compliance
Compliance in cyber security means meeting certain standards and obeying regulations...
Computer Use Policy
This policy and associated guidance provide direction for appropriate use of computer systems, networks, and information at WashU.
Confidential Data
Confidential information is not subject to legal regulation, but it is not freely available to create, store, and transmit.
Containerization
Containerization is the idea of containing code and all the necessary frameworks for a program/software into one unit...
Controlled Unclassified Information (CUI)
Controlled Unclassified Information (CUI) is a category of unclassified data that federal agencies create or possess...
Critical Information Resources
Critical Information Resources include the information technology hardware, software, networks, and services for which the loss, unavailability, or corruption would have a severe impact on the university.
Cryptography
Cryptography is the use of encryption, through ciphers, to protect sensitive or confidential data...
CUI – Does my RFP/RFI involve CUI?
The steps below are designed to assist you in determining if an RFP/RFI will require safeguards to protect...
CUI – Training and Resources
All faculty and staff who may come into contact with CUI data in the course of performing their job duties are required to take training. The training required depends upon your job and the nature of your interaction with CUI data here at the university.
CUI – What is it?
Controlled Unclassified Information (CUI) is a category of unclassified data that federal agencies create or possess, government, which is required...