Information Security

Policies

• Mobile Computing and Storage Devices Policy (March 1, 2013)
  The University of Florida has established a policy for the use of mobile computing and storage devices, and to specify minimum configuration requirements.
• Data Classification Policy (April 26, 2012)
  All data at the University of Florida is now classified into three categories: restricted, sensitive, and open.
• Authentication Management Policy (July 11, 2013)
  Authentication mechanisms such as passwords are the primary means of protecting access to computer systems and data. It is essential that these authenticators be strongly constructed and used in a manner that prevents their compromise.
• Risk Management Policy (February 6, 2020)
  The University of Florida has established a process to manage risks to the University of Florida that result from threats to the confidentiality, integrity and availability of University Data and Information Systems.
• Account Management Policy (August 1, 2022)
  To provide a comprehensive account management process that allows only authorized individuals access to University Data and Information Systems.
• Backup and Recovery (February 20, 2016)
  The purpose of this policy is to protect University Data from loss or destruction by specifying reliable backups that are based upon the availability needs of each unit and its data.
• Remote Access Policy (December 14, 2016)
  The purpose of this policy is to define how the University of Florida controls Remote Access to university information systems and networks in order to prevent unauthorized use.
• Terminated and Transferred Employees Policy (June 22, 2020)
  The UF Account Management Standard requires that accounts and authorizations be promptly modified when a user’s job duties or employment ends. 

Related Standards & Documents

• Definition of Terms
• Mobile Computing and Storage Devices Standard
• FAQ – Mobile Computing and Storage Devices Policy
• Authentication Management Standard
• Password Complexity Standard
• Risk Assessment Standard
• System Security Plans Standard
• External IT Vendor Sourcing Standard
• Data Classification Guidelines
• Account Management Standard
• Remote Access Standard

PDF Downloads

• Account Management Policy
• Authentication Management Policy
• Risk Management Policy
• Account Management Standard
• Authentication Management Standard
• Password Complexity Standard
• Mobile Computing and Storage Devices Standard
• Risk Assessment Standard
• System Security Standard
• External IT Vendor Sourcing Standard
• Account Management Procedure for Terminated and Transferred Employees
• Instructions for Running and Scheduling the Department Terminations and Transfer