Technology/Cybersecurity Policies & Standards

• Endpoint Management Standard (effective 6 AUG 2021)
• Cybersecurity Awareness and Training (effective 6 AUG 2021)
• Vendor Cloud Service Security (effective 6 AUG 2021)
• Privately Managed Network (effective 6 AUG 2021)
• Access Management (effective 6 AUG 2021)

Policies

In Force:

• USNH Use of Technological Resources Policy 
• USNH Password Policy (effective 20 JAN 2020)
• USNH Privacy Policy (effective AUG 2018)

Proposed

Targeted effective date 01 MAY 2021

• USNH Acceptable Use Policy
• USNH Cybersecurity Policy
• USNH Information Classification Policy

Feedback on or questions about these Proposed Policies can be submitted here.

Standards

In Force

• Cybersecurity Exception Standard (effective 15 FEB 2021)
• Cybersecurity Risk Management Standard (effective 15 FEB 2021)
• Cybersecurity Risk Acceptance Standard (effective 15 FEB 2021)
• Security Categorization Standard (effective 15 FEB 2021)

Proposed

Targeted effective date 01 MAY 2021

• Access Management Standard
• Cybersecurity Awareness & Training Standard
• Identity Management Standard
• Privately Managed Network Standard
• Privileged Access Management Standard
• Vendor Cloud Service Security Standard

Feedback on or questions about these Proposed Standards can be submitted here.

Planned

Phase 1 Remaining Standards, targeted to become effective 01 May 2021, will be available for review by early March 2021

• Access to Password Protected Information Standard
• Public and Sensitive Information Handling Standard 
• Protected Information Handling Standard 
• Restricted Information Handling Standard 
• Confidential Information Handling Standard 
• Endpoint Management Standard 

Phase 2 Standards, targeted to become effective late summer/early fall 2021

• Account Management Standard
• Institutional Email Security and Use Standard
• Network Security and Management Standard
• Server Security and Management Standard
• Sponsored/Guest Access Management Standard

Phase 3+ Standards, planned for late 2021 and 2022

• Application Administration Standard
• Contingency Planning Standard
• Cybersecurity Roles and Responsibilities Standard
• Data Breach Notification Standard
• Data Center Facility Security, Access, and Use Standard
• Data Administration and Management Standard
• Information Technology Resource Secure Disposal Standard
• Information Technology Inventory Management Standard
• Non-Primary Identity Management Standard
• Password Management Standard
• Personnel Security Standard
• Physical Information Technology Asset Access and Management Standard
• Remote Access and VPN Standard
• Security Assessment and Testing Standard
• Security Configuration Management Standard
• Security Logging and Monitoring Standard
• Shared File Storage Standard
• System Acquisition, Development, and Maintenance Lifecycle Standard
• Vulnerability and Patch Management Standard
• Wireless Network Security and Management Standard