Policies
In Force:
- USNH Cybersecurity Policies and Standards Overview
- USNH Acceptable Use Policy (effective July 1, 2022)
- USNH Cybersecurity Policy (effective July 1, 2022)
- USNH Information Classification Policy (effective July 1, 2022)
- USNH Password Policy (effective October 4, 2022)
- USNH Privacy Policy (effective August 1, 2022)
Standards
In Force:
- Access Management Standard (effective 06 MARCH 2023)
- Access to Password Protected Information Standard (effective 6 JAN 2022)
- Account Management Standard (effective 18 OCT 2022)
- Cybersecurity Awareness & Training Standard (effective 06 MARCH 2023)
- Cybersecurity Exception Standard (effective 15 SEPT 2022)
- Cybersecurity Maturity Model Certification Standard Level 1 (effective 16 DEC 2022)
- Cybersecurity Maturity Model Certification Standard Level 2 (effective 16 DEC 2022)
- Cybersecurity Risk Management Standard (effective 15 SEPT 2022)
- Cybersecurity Risk Acceptance Standard (effective 15 SEPT 2022)
- Endpoint Management Standard (effective 14 MAR 2022)
- Digital Millennium Copyright Act Standard (DMCA) (effective 29 JAN 2022)
- Institutional Email Security Standard (effective 03 MAY 2022)
- Network Security and Management Standard (effective 29 JAN 2022)
- Physical Security Standard (effective 23 DEC 2022)
- Privately Managed Network Standard (effective 08 MARCH 2023)
- Privileged Access Management Standard (effective 14 OCT 2022)
- Secure Configuration Management Standard (effective 16 DEC 2022)
- Security Categorization Standard (effective 15 SEPT 2022)
- Security Monitoring and Log Management Standard (effective 23 FEB 2022)
- Security Standards for Mobile Devices (effective 24 AUG 2022)
- Shared File Management Standard (effective 16 DEC 2022)
- Sponsored Accounts Standard (effective 10 FEB 2022)
- Remote Access Security Standard (effective 14 OCT 2022)
- Third-Party Information Security Standard (effective 10 MARCH 2023)
- Vulnerability and Patch Management Standard (effective 30 SEPT 2022)
Standards
In Force:
- Cybersecurity Exception Standard (effective 15 FEB 2021)
- Cybersecurity Risk Management Standard (effective 15 FEB 2021)
- Cybersecurity Risk Acceptance Standard (effective 15 FEB 2021)
- Security Categorization Standard (effective 15 FEB 2021)
- Endpoint Management Standard (effective 10 AUG 2021)
- Access Management Standard (effective 19 AUG 2021)
- Cybersecurity Awareness & Training Standard (effective 19 AUG 2021)
- Privately Managed Network Standard (effective 19 AUG 2021)
- Vendor Cloud Service Security Standard (effective 19 AUG 2021)
- Access to Password Protected Information Standard (effective 6 JAN 2022)
- Digital Millennium Copyright Act Standard (DMCA) (effective 29 JAN 2022)
- Network Security and Management Standard (effective 29 JAN 2022)
- Sponsored Accounts Standard (effective 10 FEB 2022)
ET&S Policy & Standard Initiative
Technology/Cybersecurity Policies & Standards
Provide Feedback on Proposed Policies
Sign-up to Receive Policy & Standard Initiative Updates via Email
- Endpoint Management Standard (effective 6 AUG 2021)
- Cybersecurity Awareness and Training (effective 6 AUG 2021)
- Vendor Cloud Service Security (effective 6 AUG 2021)
- Privately Managed Network (effective 6 AUG 2021)
- Access Management (effective 6 AUG 2021)
Policies
In Force:
- USNH Use of Technological Resources Policy
- USNH Password Policy (effective 20 JAN 2020)
- USNH Privacy Policy (effective AUG 2018)
Proposed
Targeted effective date 01 MAY 2021
Feedback on or questions about these Proposed Policies can be submitted here.
Standards
In Force
- Cybersecurity Exception Standard (effective 15 FEB 2021)
- Cybersecurity Risk Management Standard (effective 15 FEB 2021)
- Cybersecurity Risk Acceptance Standard (effective 15 FEB 2021)
- Security Categorization Standard (effective 15 FEB 2021)
Proposed
Targeted effective date 01 MAY 2021
- Access Management Standard
- Cybersecurity Awareness & Training Standard
- Identity Management Standard
- Privately Managed Network Standard
- Privileged Access Management Standard
- Vendor Cloud Service Security Standard
Feedback on or questions about these Proposed Standards can be submitted here.
Planned
Phase 1 Remaining Standards, targeted to become effective 01 May 2021, will be available for review by early March 2021
- Access to Password Protected Information Standard
- Public and Sensitive Information Handling Standard
- Protected Information Handling Standard
- Restricted Information Handling Standard
- Confidential Information Handling Standard
- Endpoint Management Standard
Phase 2 Standards, targeted to become effective late summer/early fall 2021
- Account Management Standard
- Institutional Email Security and Use Standard
- Network Security and Management Standard
- Server Security and Management Standard
- Sponsored/Guest Access Management Standard
Phase 3+ Standards, planned for late 2021 and 2022
- Application Administration Standard
- Contingency Planning Standard
- Cybersecurity Roles and Responsibilities Standard
- Data Breach Notification Standard
- Data Center Facility Security, Access, and Use Standard
- Data Administration and Management Standard
- Information Technology Resource Secure Disposal Standard
- Information Technology Inventory Management Standard
- Non-Primary Identity Management Standard
- Password Management Standard
- Personnel Security Standard
- Physical Information Technology Asset Access and Management Standard
- Remote Access and VPN Standard
- Security Assessment and Testing Standard
- Security Configuration Management Standard
- Security Logging and Monitoring Standard
- Shared File Storage Standard
- System Acquisition, Development, and Maintenance Lifecycle Standard
- Vulnerability and Patch Management Standard
- Wireless Network Security and Management Standard
The Cybersecurity General services request can be used to ask questions or raise concerns about any of the published Standards. You can also contact the Cybersecurity GRC team with questions - Cybersecurity.GRC@usnh.edu. However, unless specifically noted as being open for Public Comment, Standards published to this site are final, approved versions provided to allow administrative, academic, and business units an opportunity to review prior to their effective date and, if needed, request exceptions.