Statement of Policy
Washington University in St. Louis (WashU) is committed to conducting all university activities in compliance with all applicable laws, regulations, and university policies. WashU has adopted these policies to outline the security measures required to protect electronic information systems and related equipment from unauthorized use.
The policy and associated guidance provide an organized approach for all instances and stages of development initiated for WashU departments or schools. Based on the project requirements applications are developed in-house, with a third party, or commercial off the shelf (COTS). This policy will cover all instances to ensure the appropriate security controls are implemented for applications developed for WashU.
The policy and associated guidance provide the WashU computing community directives to help ensure integrity, confidentiality, and availability of information and provide a safe computing environment. All network assets, systems, computing devices, services, and operating personnel will be in scope for this policy. This includes network infrastructure components, network management and service systems, WashU faculty, staff, and students.
This policy and associated guidance establish the roles and responsibilities within WashU, which is critical for effective communication of information security policies and standards. Roles are required within the organization to provide clearly defined responsibilities and an understanding of how the protection of information is to be accomplished. Their purpose is to clarify, coordinate activity, and actions necessary to disseminate security policy, standards, and implementation.
This policy and associated guidance cover a well-defined and organized approach for vulnerability management to reduce infrastructure risks and integrate with patch management. To ensure confidentiality, integrity, and availability of WashU systems Office of Information Security (OIS) and Information Technology (IT) will develop a documented vulnerability management process for the efficient and effective assessment and mitigation of IT infrastructure risks.