Security Policy

What Is the Service?

GRC provides services related to the creation/drafting of IT and IT security policy, review of policy, enforcement of policy, as well as general consulting about policy. This includes additional policy-related documentation such as standards, guidelines, processes, and procedures. Additionally, GRC can provide consulting/review/assessment/attestation for numerous areas of compliance, including PCI DSS, HIPAA, FERPA, GLBA, CUI, CMMC, NIST SP 800-xxx, CJIS, ITAR, NDAA 889, NSPM-33, etc.

Who Is Eligible to Use It?

While GRC is scoped for the entire organization, this service will mainly be reserved for departments (MAUs) on campus and faculty/staff. However, when a policy that comes out of this service is written and approved for a larger audience, all are expected to both understand and comply with it.

How Do I Use It?

If you need new policy or need help interpreting policy, reaching out for a consultation will be the best path forward.


Service Offerings (1)

Baseline Security Controls Onboarding
Systems must be checked against the MSU baseline security posture, which includes a minimum set of security controls. Additional controls may be required to mitigate risks associated with specific applications or confidential data.