100 Information Security Program

List of requirements by impacted audience for Policy 100: Information Security Program.

101 Information Security Status Monitoring, Reporting, and Review

List of requirements by impacted audience for Policy 101: Information Security Status Monitoring, Reporting, and Review.

107 Information Technology Business Continuity and Disaster Recovery Planning

List of requirements by impacted audience for Policy 107: Information Security Business Continuity and Disaster Recovery

109 Information Security Incident Reporting, Response, and Recovery

List of requirements by impacted audience for Policy 109: Information Security Incident Reporting, Response, and Recovery

110 Information Technology Change Control and Management

List of requirements by impacted audience for Policy 110: Information Technology Change Control and Management

200 Information Security Classification, Labeling, and Handling

This standard defines classification categories and control zones for data, information, and systems at Washington University in St. Louis (WashU).

200.1 Information Security Awareness, Behavior, and Culture

This standard establishes and describes a cybersecurity awareness training program for the WashU community.

201 Information Security Logging and Event Monitoring

This standard describes logging practices for events occurring within networks and systems of Washington University in St. Louis (WashU).

207 Information Technology Business Continuity and Disaster Recovery Planning

This standard provides a basis for funding decisions for incident response and recovery at Washington University in St. Louis (WashU).

209 Information Security Incident Response and Recovery

This standard establishes processes related to incident detection, response, and containment.

Access Control

Access controls are security protocols that manage and restrict which persons or programs can view or use specific computing resources.

Access Control Standard

This standard and associated guidance establish a university set of standards for information technology to maximize the functionality, security, and interoperability of the information technology assets, including, but not limited to, data classification and management, communications, and encryption technologies.

Access to Faculty or Staff Email, Files, or Systems Policy

The policy and associated guidance provide a well-defined and organized approach for access to faculty or staff electronic information or systems at WashU.

Account Owner

In IT, the account owner most likely refers to the individual, organization, or entity with permission to implement changes within the account.

Advanced Encryption Standard

The Advanced Encryption Standard (AES) is an algorithm that uses a specific encryption procedure to protect...

Anonymous Data

Anonymous data cannot be traced back to the person or entity that supplied it.

Apple Mail

If you need to report a phishing attempt in Apple Mail but don’t have the Phish Alert Button (PAB), follow these steps.

Application

Applications are software designed to perform specific assigned tasks.

Application Security Policy

The policy and associated guidance provide an organized approach for all instances and stages of development initiated for WashU departments or schools. Based on the project requirements, applications are developed in-house, with a third party, or as commercial off-the-shelf (COTS) products. This policy will cover all instances to ensure the appropriate security controls are implemented for applications developed for WashU.

Applied Research

Research conducted to gain the knowledge or understanding to meet a specific, recognized need.

Authentication

Authentication is a way of establishing that the user is who they claim to be before granting access to university systems and data.

Authentication Information

Washington University in St. Louis uses a two-factor (or two-step) authentication service provided by Duo...

Authorization

Possessing official permission or being granted/denied approval by an authoritative source (e.g., owner, steward, automated mechanism) to perform an action or set of activities.

Availability

Availability means data are accessible when you need them.

Basic Research

Research undertaken primarily to acquire new knowledge without any particular application or use in mind.

Biometrics

Biometrics are unique features of individuals, for example, fingerprints, that can identify a specific person.

Certificate

A digital certificate is a digitally signed document with a unique signature, which definitively establishes the identity of an online entity to ensure the legitimacy of a software or website.

Chemical Facility Anti-Terrorism Standards (CFATS)

The Department of Homeland Security has issued Chemical Facility Anti-Terrorism Standards for any facility that manufactures, uses, stores, or distributes certain chemicals above a specified quantity.

Cloud

Cloud computing uses the internet to deliver computing services such as storage in servers, the provision of software, and conducting analytics.

CMMC – How do I know if it is required?

CMMC is required for your project activity if (1) you are handling Federal Contract Information (FCI) or Controlled Unclassified Information (CUI) and...

CMMC – Model Framework

The Cybersecurity Maturity Model Certification (CMMC) framework organizes processes and cybersecurity best practices into a set of 17 capability domains...

CMMC – What information is protected?

CMMC is primarily designed to protect Federal Contract Information (FCI) and Controlled Unclassified Information (CUI)...

CMMC – What is it?

The Cybersecurity Maturity Model Certification (CMMC) is a program of unified standards and frameworks of cybersecurity best practices and controls …

CMMC – Why was it created?

The theft of intellectual property and sensitive information due to malicious cyber activity threatens economic security and national security...

Compliance

Compliance in cyber security means meeting certain standards and abiding by regulations...

Computer Use Policy

This policy and associated guidance provide direction for appropriate use of computer systems, networks, and information at WashU.

Confidential Data

Confidential information is not subject to legal regulation, but it is not freely available to create, store, and transmit.

Confidentiality

Confidentiality refers to protecting information from unauthorized access.

Containerization

Containerization is the idea of containing code and all the necessary frameworks for a program/software into one unit...

Controlled Unclassified Information (CUI)

Controlled Unclassified Information (CUI) is a category of unclassified data that federal agencies create or possess...

Critical Information Resources

Critical Information Resources include the information technology hardware, software, networks, and services for which the loss, unavailability, or corruption would have a severe impact on the university.

Cryptography

Cryptography is the use of encryption, through ciphers, to protect sensitive or confidential data...

CUI – Does my RFP/RFI involve CUI?

The steps below are designed to assist you in determining if an RFP/RFI will require safeguards to protect...

CUI – Training and Resources

All faculty and staff who may come into contact with CUI data in the course of performing their job duties are required to take training. The training required depends upon your job and the nature of your interaction with CUI data here at the university.

CUI – What is it?

Controlled Unclassified Information (CUI) is a category of unclassified data that federal agencies create or possess, government, which is required...