BSD Information Security Policies

The BSD Information Security Office (ISO), UCM and University Information Security Offices have collaboratively developed a set of cyber security policy documents that will direct and guide our Organizations through the new landscape of cyber security threats and regulations. These Policies apply to employees and students of the Organizations, individuals who fall within the definition of “Workforce” of an Organization, and third parties with access to the Organizations’ Information Systems and/or the Organization’s Information Assets (“Covered Individuals”).

For further information or to request assistance, please contact us at security@bsd.uchicago.edu.

BSD Information Security Standards

The BSD Information Security Office (ISO) has developed standards to guide a system owner or administrator in reviewing a system configuration and ensuring the system is properly protected. These Standards apply to Systems in the BSD research and academic enterprise, which includes BSD basic sciences, the Pritzker School of Medicine, and various other BSD units engaged in research. System Administrators, researchers and staff with system administration responsibilities are expected to safeguard information and systems they use and/or support. Non-compliance with these standards will result in revocation of access to the data, system, and/or network.

For further information or to request assistance, please contact us at security@bsd.uchicago.edu.

Standard Name Standard Description
STA-01 BSD Minimum Security Standards for Systems This document defines the BSD minimum security standards required for systems that may be used to access, store or process (input, output, transmit, receive, display, calculate, etc.) information owned and used by the University of Chicago Biological Sciences Division (BSD).
STA-02 BSD Security Standards for Databases This document defines the BSD Security Standards for Databases including Access, Data, Database Applications, and Build and Configuration controls that a database owner or administrator must take to review and ensure that the database is properly protected.
STA-03 BSD Security Standards for Networked Printers
This document defines the BSD Security Standards for Networked Printers including Access, Logging and Configuration controls that a printer owner or administrator must take to review and ensure that the network printer is properly protected.
STA-04 BSD Password Management Standards
This document defines the BSD Password Management Standards required for configuring and protecting passwords to reduce the risk of account compromise in the Biological Sciences Division.
STA-05 BSD IT Asset Inventory and Categorization Standards
This document defines the BSD IT Asset Inventory and Categorization Standards required for identifying and prioritizing BSD information technology assets that contain University information.
STA-06 BSD Media Sanitization Standards
This document defines the BSD Media Sanitization Standards required for the secure removal of restricted information from media used to store information owned and used by the Biological Sciences Division.
STA-07 BSD Security Standards for Web Applications
This document defines the BSD Security Standards for Web Applications. This standard ensures that web applications used by the Biological Sciences Division are properly and safely developed.
STA-08 BSD Vulnerability Management Standards
This document defines the standards required for reducing the risks posed by breaches in security caused by the exploitation of vulnerabilities in the Biological Sciences Division.
STA-09 BSD IT Security Exception Standard
This document defines the standards for requesting an IT Security exception to compliance with established Biological Sciences Division information security policies, standards, and procedures.
STA-10 BSD Minimum Security Standard for Endpoints
This document defines the BSD Security Standards for Endpoints (Windows and Mac). This standard ensures that endpoints used by the Biological Sciences Division are properly and safely secured.

BSD Information Security Guidelines and Procedures

Securing Devices Guidelines 
The purpose of these guidelines is to ensure greater security on individual assets.
    1. GDE-01 Securing a Macintosh Device
    1. GDE-02 Securing a Windows Device
    1. GDE-03 Securing an Android Device
    1. GDE-04 Securing an iOS Device