IT Policy
These policies fall within the overarching ACD125: Information Security Policy, which defines the boundaries of acceptable use of ASU computing and communication resources. The full policy can be found in the Academic Affairs Policies and Procedures Manual (ACD 125).
For additional details on process and procedure guidance, see Get Protected.
What is a Standard?
The traditional definition of a standard is a basis for comparison, a reference point against which other things can be evaluated. In the case of information security, a standard is a document based on a governance area that is more specific than a policy and typically high level. A standard is specific but not detailed; the detailed aspect of governance is typically called a guideline or a procedure. At ASU, our definition of a standard is any document that sets the bare minimum level of requirements to be met. It should be noted that a standard is not a step-by-step manual on how to complete a task. Documents below will open in PDF format.
Access to University Technology Resources Policy
Arizona State University (ASU) provides centrally managed information technology services and resources to employees, students, and other affiliates for activities related to its mission of teaching and learning, research, and service. The University limits access to only those individuals and entities that are actively involved in supporting the institution’s mission and goals.
Access to University Technology Resources Standard
The purpose of this standard is to document the process of provisioning and de-provisioning access for ASU affiliates to University technology resources and services.
Anti-Malware Standard
All user and server systems that utilize the University network are required to have a supported and current version of anti-malware in order to perform due diligence towards protecting University systems.
Courtesy Affiliate Standard
This standard documents the process of creating and administering Courtesy Affiliates of ASU.
Data Handling Standard
This standard outlines the responsibilities and controls required for handling all University managed information in any form.
Enterprise System Change Management Standard
This document describes the Enterprise System Change Management Process for Technology Systems at Arizona State University (ASU).
Incident Response Standard
This standard outlines the workflow, roles and responsibilities, and escalation provisions with respect to identifying and handling information security incidents at Arizona State University.
Information Security Policy
The ASU Information Security Policy establishes guidelines and standards for the preservation of the confidentiality, integrity and availability of University information resources, provides for the integrity of institutional processes and records, and supports the University’s compliance with state and federal laws, rules and regulations.
IT Accessibility Standard
Arizona State University (ASU) is committed to providing websites and applications that are accessible to all people, including individuals with disabilities. This standard establishes guidelines for the accessibility of websites and applications considered necessary to meet this goal and ensure compliance with applicable state and federal regulations and laws.
IT Code of Ethics Standard
This standard outlines the ethical, professional, and legal manner in which information technology (IT) employees shall access the university's electronic information systems.
IT Risk Assessment Standard
This document outlines ASU’s approach for identifying and analyzing risk areas and taking corrective action in an effort to provide the most secure environment possible.
Password Standard
Documentation of ASU’s standard regarding the changing of passwords that are used to grant access to University resources.
Patch Management Standard
The Patch Management Standard describes basic patch management expectations for University systems.
Peer-to-Peer (P2P) File Sharing Standard
(Also known as: Peer-to-Peer (P2P) File Transfer / Copyright Infringement)
This document describes acceptable and prohibited uses of P2P software and protocols on ASU's network, University sanctions for prohibited uses, and responsibilities for compliance.
Privileged Account Standard
This document establishes guidelines for UTO to ensure the secure use of system accounts and administrator or privileged access rights.
Secure Development Lifecycle Standard
This standard outlines security related responsibilities and expectations for software development that occurs at the University.
Secure IT Development Standard
This standard establishes guidelines and standards for the preservation of the confidentiality, integrity and availability of University information resources associated with websites.
Server Security Standard
This standard establishes a base configuration of ASU server equipment in order to minimize unauthorized access to ASU's computing, internet, and communication resources.
System Audit Requirements Standard
This document contains requirements for logging activities on High Risk and Confidential systems.
Vulnerability Management Standard
The ASU Vulnerability Management Security Standard establishes the framework for maintaining appropriate security for ASU’s Technology Network and Websites. Vulnerability management involves the identification, classification, remediation, and mitigation of vulnerabilities which are found in ASU's assets.