System and Information Integrity Policy and Procedures (SI-1)
The university develops, disseminates, and periodically reviews/updates formal, documented procedures to facilitate the implementation of the System and Information Integrity policy and associated System and Information Integrity controls.
Flaw Remediation (SI-2)
The University identifies, reports, and corrects information resource security flaws.
Malicious Code Protection (SI-3)
This Control addresses the requirements for malicious code protection both university-wide and the unit level.
Information System Monitoring (SI-4)
The purpose of the information system security monitoring policy is to ensure that information resource security controls are in place, effective, and not being bypassed. One of the benefits of security monitoring is the early identification of wrongdoings or new security vulnerabilities.
Security Monitoring is a method used to confirm that the security practices and controls in place are being adhered to and are effective. Monitoring consists of activities such as the review of: user account logs, application logs, data backup and recovery logs, automated intrusion detection system logs, etc.
Security Alerts, Advisories, and Directives (SI-5)
The University receives information security alerts/advisories on a regular basis, issues alerts/advisories to appropriate units or personnel, and takes appropriate actions in
response.
Information Input Validation (SI-10)
Checking the valid syntax and semantics of system inputs—including character set, length, numerical range, and acceptable values—verifies that inputs match specified definitions for format and content. Input validation ensures accurate and correct inputs and prevents attacks such as cross-site scripting and a variety of injection attacks.
Information Handling and Retention (SI-12)
The University handles and retains digital information in accordance with applicable laws, standards, and operational requirements.