Security Policy

What Is the Service?

GRC provides services related to the creation/drafting of IT and IT security policy, review of policy, enforcement of policy, as well as general consulting about policy. This includes additional documentation as it relates to policy including standards, guidelines, and process and procedures. Additionally, GRC can provide consulting/review/assessment/attestation of numerous areas of compliance as it relates to: PCI DSS, HIPAA, FERPA, GLBA, CUI, CMMC, NIST SP 800-xxx, CJIS, ITAR, NDAA 889, NSPM-33, etc.

Who Is Eligible to Use It?

While GRC is scoped for the entire organization, this will mainly be reserved for departments (MAUs) on campus; faculty/staff, though any Policy written and approved for a larger audience, which come out of this service – all are expected to both understand and comply with it.

How Do I Use It?

If you need new policy or need help interpreting policy, reaching out for a consultation will be the best path forward.

 
Request Baseline Security Controls Onboarding Submit a Copyright Violation Complaint

Related Articles (1)

MSU's Acceptable Use Policy for Information Technology Resources
It is your responsibility to ensure that use of your MSU NetID or the MSU IT environment does not violate MSU's Acceptable Use Policy. Unacceptable use of your MSU NetID and its related services may result in the suspension of your e-mail and/or network.

Service Offerings (2)

Baseline Security Controls Onboarding
Systems must be checked against MSU baseline security posture that includes a minimum set of security controls. Additional controls may be required to mitigate risks associated with specific applications or confidential data.
Copyright Violation Complaint
Copyright holders and their agents may use this form to submit copyright violation complaints to Michigan State University. Submissions with incomplete or invalid information will not be processed.