Cybersecurity Policies & Standards

USNH Cybersecurity Policies

ACybersecurity Policy (effective October 19, 2023)

BAcceptable Use Policy  (effective July 1, 2022)

CInformation Classification Policy (effective July 1, 2022)

D. Password Policy (effective October 4, 2022)

E. Privacy Policy (effective August 1, 2022)

USNH Cybersecurity Standards

Application Security
communication
Data security
device management
Identity and Access Management
network & connectivity
physical security
risk management
system administration
vendor management
ADDITIONAL DOCUMENTS

 


Contact Information

The General Cybersecurity Services Request form can be used to ask questions or raise concerns about any of the published Standards. 

You can also contact the Cybersecurity GRC team at Cybersecurity.GRC@usnh.edu. However, unless specifically noted as being open for Public Comment, Standards published to this site are final, approved versions provided to allow administrative, academic, and business units an opportunity to review prior to their effective date and, if needed, request exceptions.

All other requests can be submitted here: Submit an IT Question


Enforcement

Failure to comply with the USNH Cybersecurity Standards puts the University System, its component institutions, and its information and information technology resources at risk and may result in disciplinary action. Disciplinary procedures will be proportionally appropriate for the individual responsible for noncompliance (e.g., students, faculty, staff, vendors) as outlined in the relevant institutional regulations for that individual (e.g., student conduct and/or applicable personnel policies). Non-compliant technology and/or activities may be mitigated as deemed necessary by the CISO and/or CIO. Employees who are members of institutionally recognized bargaining units are covered by the disciplinary provisions set forth in the agreement for their bargaining units.


Exceptions

Requests for exceptions to any of the USNH Cybersecurity Standards may be submitted and approved according to the requirements provided in the Cybersecurity Exception Standard.


Glossary

For terms and definitions, please refer to the National Institute of Standards and Technology Glossary.