Security Policies

BSD Information Security Policies

The BSD Information Security Office (ISO), UCM and University Information Security Offices have collaboratively developed a set of cyber security policy documents that will direct and guide our Organizations through the new landscape of cyber security threats and regulations. These Policies apply to employees and students of the Organizations, individuals who fall within the definition of “Workforce” of an Organization, and third parties with access to the Organizations’ Information Systems and/or the Organization’s Information Assets (“Covered Individuals”).

For further information or to request assistance, please contact us at security@bsd.uchicago.edu.

Policy Name Policy Status
Access Control Policy Approved
Audit and Accountability Policy Approved
Awareness and Training Policy Approved
Configuration Management Policy Approved
Cybersecurity Incident Response Policy Approved
Data Classification Policy and Handling Procedures Approved
Media Protection Policy Approved
Personally Owned Devices Policy Approved
Physical and Environmental Protection Policy Approved
Responsibility and Oversight Policy Approved
Risk Assessment & Management Policy Approved
System and Communications Protection Policy Approved
System and Information Integrity Policy Approved
System and Service Acquisition Policy (see supported documentation below for procedural template) Approved
Identification and Authentication Policy Approved

*After clicking on the Policy, you will receive a prompt to log in with either your BSDAD or UCHAD account. For BSDAD accounts, please log in using the syntax “BSDAD\<username>” and your BSDAD password.

Supported Documentation

BSD Device Procurement Procedure Template

BSD Information Security Standards

The BSD Information Security Office (ISO) has developed standards to guide a system owner or administrator in reviewing a system configuration and ensuring the system is properly protected. These Standards apply to Systems in the BSD research and academic enterprise, which includes BSD basic sciences, the Pritzker School of Medicine, and various other BSD units engaged in research. System Administrators, researchers and staff with system administration responsibilities are expected to safeguard information and systems they use and/or support. Non-compliance with these standards will result in revocation of access to the data, system, and/or network.

For further information or to request assistance, please contact us at security@bsd.uchicago.edu.

Standard Name Standard Description

STA-01 BSD Minimum Security Standards for Systems

This document defines the BSD minimum security standards required for systems that may be used to access, store or process (input, output, transmit, receive, display, calculate, etc.) information owned and used by the University of Chicago Biological Sciences Division (BSD).

STA-02 BSD Security Standards for Databases

This document defines the BSD Security Standards for Databases including Access, Data, Database Applications, and Build and Configuration controls that a database owner or administrator must take to review and ensure that the database is properly protected.

STA-03 BSD Security Standards for Networked Printers

This document defines the BSD Security Standards for Networked Printers including Access, Logging and Configuration controls that a printer owner or administrator must take to review and ensure that the network printer is properly protected.

STA-04 BSD Password Management Standards

This document defines the BSD Password Management Standards required for configuring and protecting passwords to reduce the risk of account compromise in the Biological Sciences Division.

STA-05 BSD IT Asset Inventory and Categorization Standards

This document defines the BSD IT Asset Inventory and Categorization Standards required for identifying and prioritizing BSD information technology assets that contain University information.

STA-06 BSD Media Sanitization Standards

This document defines the BSD Media Sanitization Standards required for the secure removal of restricted information from media used to store information owned and used by the Biological Sciences Division.

STA-07 BSD Security Standards for Web Applications

This document defines the BSD Security Standards for Web Applications. This standard ensures that web applications used by the Biological Sciences Division are properly and safely developed.

STA-08 BSD Vulnerability Management Standards

This document defines the standards required for reducing the risks posed by breaches in security caused by the exploitation of vulnerabilities in the Biological Sciences Division.

STA-09 BSD IT Security Exception Standard

This document defines the standards for requesting an IT Security exception to compliance with established Biological Sciences Division information security policies, standards, and procedures.

STA-10 BSD Minimum Security Standard for Endpoints

This document defines the BSD Security Standards for Endpoints (Windows and Mac). This standard ensures that endpoints used by the Biological Sciences Division are properly and safely secured.

BSD Information Security Guidelines and Procedures

Securing Devices Guidelines
The purpose of these guidelines is to ensure greater security on individual assets.
  1. GDE-01 Securing a Macintosh Device
  2. GDE-02 Securing a Windows Device
  3. GDE-03 Securing an Android Device
  4. GDE-04 Securing an iOS Device