Security Assessment and Authorization Policy and Procedures (CA-1)

Description

The university develops, disseminates, and periodically reviews/updates formal, documented procedures to facilitate the implementation of the Security Assessment and Authorization policy and associated Security Assessment and Authorization controls.

Applicability

This control applies to the university Chief Information Security Officer (CISO).

Implementation

1
The university CISO, in coordination with Information Resource owners, shall develop, document, and disseminate to units a set of controls that addresses the Security Assessment and Authorization for information resources. These controls should include purpose, scope, roles, responsibilities, management commitment, coordination among university entities, and compliance.
2
The CISO shall review and update the Security Assessment and Authorization controls as necessary.

Security Assessment and Authorization (CA)

Security Assessment and Authorization Policy and Procedures (CA-1)

Description

Applicability

Implementation

Need Help with IT Policy?

Support

FAQs

Glossary