SC-1 System and Communications Protection Policy and Procedures
Description
The university has documented policies and supporting processes for defining and enforcing requirements to protect data transmissions and system-to-system communications, including analyzing the identity of communicators.
Applicability
- This control applies to the university Chief Information Security Officer (CISO).
Implementation
- 1 - The university CISO, in coordination with Information Resource owners, shall develop, document, and disseminate to units a set of controls that addresses the System and Communications Protection of information resources. These controls should include purpose, scope, roles, responsibilities, management commitment, coordination among university entities, and compliance
- 2 - The CISO shall review and update the System and Communications Protection controls as necessary.