
Guidelines, Standards and Laws

Confidential information, educational records and user accounts are governed by federal and state laws and regulations, the CSU Information Security Policy and Chancellor’s executive orders, and University guidelines, standards and Administrative Procedures.

IT Security and Compliance is responsible for coordinating the development and dissemination of information security guidelines, standards and procedures for the University. See the links below to access CSU policy and University guidelines, standards and procedures.

The CSU Information Security Policy provides high-level direction for managing and protecting the confidentiality, integrity and availability of CSU information assets. In addition, the policy defines the organizational scope of the CSU Information Security Policy.

Executive Orders (EO) are formal orders issued by the California State University Chancellor to direct the establishment of campus programs and procedures, and provide guidance in the development and implementation of such programs.

Standards define the minimum requirements necessary to address information security risks and the specific requirements that ensure compliance with legal regulations, CSU policy and information security best practices. Standards represent the minimum basis upon which Board of Trustees' audits are based. Standards undergo a formal review and approval process prior to publication.

User Guidelines provide general recommendations and instructions for campus users to comply with information security standards and the CSU Information Security Policy. They are often more technical in nature than policies and standards, and are created and updated as needed to account for changes in technology, regulations or University practices. User guidelines undergo a formal review and approval process prior to publication.

Procedures are step-by-step instructions for accomplishing specific tasks and often include recommended tools for performing those tasks. Procedures are informal documents with no impact on users and therefore undergo only an internal technical review and approval process prior to publication.

Cal State L.A. Information Security Framework


Information Security Management

Document | Title | Type | Status | Last Revised
ITS-2524 | Campus Information Security Program | Policy | Final | 3/6/2014
ITS-2005-S | Information Security Roles and Responsibilities | Standard | Final | 7/22/2011



Asset Management

Document | Title | Type | Status | Last Revised
ITS-1025-G | Collecting and Processing Credit Card Information | Guideline | Final | 9/19/2012
ICSUAM 8065.S02 | CSU Information Security Data Classification Standard | Standard | Final | 8/28/2011
ITS-1021-G | Data Sanitization | Guideline | Final | 6/24/2010
ITS-1027-G | Encryption Security | Guideline | Final | 8/14/2011
EO 999 | Illegal Electronic File Sharing and Protection of Electronic Copyrighted Material | EO | Final | 2/27/2008
ITS-2006-S | Information Classification, Handling and Disposal | Standard | Final | 2/29/2012
ITS-1020-G | Mobile Computing | Guideline | Final | 2/15/2012
ITS-1005-G | Portable Electronic Storage Media | Guideline | Final | 3/4/2008
EO 796 | Privacy and Personal Information Management Student Records | EO | Final | 1/1/2002
ITS-1016-G | Protecting Copyrighted Material | Guideline | Final | 4/28/2010
AP 707 | Records Retention, Management and Disposition Program | Procedure | Final | 5/13/2011
ITS-1017-G | Safe Disposal of Electronic Storage Media | Guideline | Final | 2/3/2011
AP 011 | Student Records Administration | Procedure | Final | 9/23/2005
EO 1031 | Systemwide Records/Information Retention and Disposition Schedules Implementation | EO | Final | 2/27/2008
EO 926 | The California State University Policy on Disability Support and Accommodations | EO | Final | 2/27/2008
ITS-2013-S | Utilization of Multi-function Devices | Standard | Final | 5/2/2012



Employee Security Management

Document | Title | Type | Status | Last Revised
AP 311 | Criminal Records Check | Procedure | Final | 2/21/2012
AP 312 | Fingerprint Procedure | Procedure | Final | 4/26/2010
ITS-1009-G | Separated Employees' Network/E-mail Access | Guideline | Final | 8/26/2006



Physical Security Management

Document | Title | Type | Status | Last Revised
ICSUAM 8080.S01 | CSU Physical and Environmental Security | Standard | Final | 9/28/2011
ITS-1013-G | Data Center/Communication Room Access | Guideline | Final | 9/26/2013
ITS-1006-G | Securing Offices, Workspaces, and Documents | Guideline | Final | 5/21/2008



Communications Management

Document | Title | Type | Status | Last Revised
ITS-1000-G | Electronic Communications | Guideline | Final | 01/30/2014



Network Management

Document | Title | Type | Status | Last Revised
ITS-1001-G | Network Traffic Management | Guideline | Final | 5/28/2008
ITS-1015-G | Wireless Access | Guideline | Final | 2/18/2009



Access Control

Document | Title | Type | Status | Last Revised
ITS-1014-G | Access to Administrative Information Systems | Guideline | Final | 4/24/2013
ITS-2007-P | Administrative Systems Access Controls and Segregation of Duties Review | Procedure | Final | 12/20/2012
ICSUAM 8060.S01 | CSU Access Control | Standard | Final | 6/5/2012
ICSUAM 8100.S01 | CSU Electronic and Digital Signature Standards and Procedures | Standard | Final | 5/21/2012
ITS-2015-S | Identity and Access Management Standard | Standard | Interim | 5/2/2013
ITS-1012-G | Oracle Access | Guideline | Interim | 5/30/2008
ITS-2008-S | Password Standards | Standard | Final | 4/10/2014
ITS-5002-S | PeopleSoft User IDs and Passwords | Standard | Final | 6/24/2010
ITS-2011-S | User Access Control for Decentralized Systems | Standard | Final | 3/10/2011



Business Continuity Management

Document | Title | Type | Status | Last Revised
EO 1014 | CSU Executive Order - Business Continuity Program | EO | Final | 10/8/2007
ITS-9506-Web | ITS Business Continuity Plan | Document | Final | 4/3/2014
ITS-7502-Web | ITS Disaster Recovery Plan | Document | Final | 11/30/2012



Computer Security Incident Response Management

Document | Title | Type | Status | Last Revised
ITS-2511 | Campus Security Incident Response Team (CSIRT) | Standard | Final | 6/14/2012
ITS-1008-G | Reporting a Lost or Stolen Computer or Electronic Storage Device | Guideline | Final | 5/2/2005



IT Project and Procurement Management

Document | Title | Type | Status | Last Revised
ICSUAM 8055.S01 | CSU Change Control Standard | Standard | Final | 3/11/2011
EO 862 | CSU Executive Order - Information Technology Project Management | EO | Final | 4/18/2003
ITS-1022-G | Information Security Contract Language | Guideline | Final | 8/4/2011
ITS-1004-G | IT Project and Procurement | Guideline | Final | 10/24/2013



Information Security Risk Management

Document | Title | Type | Status | Last Revised
ITS-1025-G | Collecting and Processing Credit Card Information | Guideline | Final | 9/19/2012
EO 877 | CSU Executive Order - Health Care Portability and Accountability Act of 1996 | EO | Final | 4/14/2003
ITS-1018-G | ID Theft Prevention Guidelines | Guideline | Final | 8/26/2009
ITS-1028-G | User Guidelines for HIPAA Compliance | Guideline | Final | 2/28/2013

Applicable Federal Laws and Regulations


Applicable California State Laws and Regulations


Other Resources



5151 State University Drive . Los Angeles . CA 90032 . 323-343-3000
© 2013 Trustees of the California State University