Policies
- Mobile Computing and Storage Devices Policy (March 1, 2013)
The University of Florida has established a policy for the use of mobile computing and storage devices, and to specify minimum configuration requirements. - Data Classification Policy (April 26, 2012)
All data at the University of Florida is now classified into three categories: restricted, sensitive, and open. - Authentication Management Policy (July 11, 2013)
Authentication mechanisms such as passwords are the primary means of protecting access to computer systems and data. It is essential that these authenticators be strongly constructed and used in a manner that prevents their compromise. - Risk Management Policy (February 6, 2020)
The University of Florida has established a process to manage risks to the University of Florida that result from threats to the confidentiality, integrity and availability of University Data and Information Systems. - Account Management Policy (August 1, 2022)
To provide a comprehensive account management process that allows only authorized individuals access to University Data and Information Systems. - Backup and Recovery (February 20, 2016)
The purpose of this policy is to protect University Data from loss or destruction by specifying reliable backups that are based upon the availability needs of each unit and its data. - Remote Access Policy (December 14, 2016)
The purpose of this policy is to define how the University of Florida controls Remote Access to university information systems and networks in order to prevent unauthorized use. - Terminated and Transferred Employees Policy (June 22, 2020)
The UF Account Management Standard requires that accounts and authorizations be promptly modified when a user’s job duties or employment ends. - System Security Policy (August 1, 2022)
To specify controls required to secure Information Systems against unauthorized access and use. - IT Rationalization (May 10, 2023)
To rationalize information technology services to enable innovation, increase efficiency, reduce complexity, lower costs, and improve security of the computing environment. - Information Security Plans Policy (June 30, 2023)
To improve the security of University Data and Information Systems by implementing
consistent and repeatable information security practices and identifying the roles responsible
for developing, approving, and implementing these practices.
Related Standards & Documents
- Definition of Terms
- Mobile Computing and Storage Devices Standard
- FAQ – Mobile Computing and Storage Devices Policy
- Authentication Management Standard
- Password Complexity Standard
- Risk Assessment Standard
- System Security Plans Standard
- Malicious Software Control Standard
- External IT Vendor Sourcing Standard
- Data Classification Guidelines
- Account Management Standard
- Remote Access Standard
- System Security Standard
- IT Rationalization Standard
- Information Security Plans Standard
PDF Downloads
- Account Management Policy
- Authentication Management Policy
- Risk Management Policy
- Account Management Standard
- Authentication Management Standard
- Password Complexity Standard
- Mobile Computing and Storage Devices Standard
- Risk Assessment Standard
- Malicious Software Controls Standard
- External IT Vendor Sourcing Standard
- Account Management Procedure for Terminated and Transferred Employees
- Instructions for Running and Scheduling the Department Terminations and Transfer
- System Security Policy Central
- System Security Plans Standard
- System Security Standard
- IT Rationalization Policy
- IT Rationalization Standard
- Information Security Plans Policy
- Information Security Plans Standard