Information Security - Policies and Standards

This table links to specific sections of CSU and SSU security policies and standards. 

Policies and Standards
Systemwide Policies Systemwide Standards SSU Standards

CSU Information Security Policy and Scope


Introduction, Scope, and Goals

Roles and Responsibilities   Roles and Responsibilities Standard
ISO Domain 5: Information Security Policy    
ISO Domain 6: Organization of Information Security Policy

ISO Domain 6: Organization of Information Security Standard

Risk Management Strategies

Formal Risk Assessment Process

Informal Risk Assessment Process

ISO Domain 7: Human Resource Security Policy

ISO Domain 7: Human Resource Security Standard

Employment Separations and Position Change

Information Security Training and Awareness Activities

Personnel Security Standard

Information Security Awareness Training Standard

ISO Domain 8: Asset Management Policy

ISO Domain 8: Asset Management Standard

Data Classification

Cloud Storage and Services

Data Inventory Procedure

Cloud Procurement Standard

Information Asset Management

ISO Domain 9: Access Control Policy ISO Domain 9: Access Control Standard Access Control Standard
ISO Domain 10: Cryptography Policy ISO Domain 10: Cryptography Standard  
ISO Domain 11: Physical and Environmental Security Policy ISO Domain 11: Physical and Environmental Security Standard Physical Security Standard
ISO Domain 12: Operations Security Policy ISO Domain 12: Operations Security Standard

Vulnerability Management Standard

Monitoring Standard

Configuration Management Standard

Change Control Standard

ISO Domain 13: Communications Security Policy ISO Domain 13: Communications Security Standard  
ISO Domain 14: Systems Acquisition, Development and Maintenance Policy ISO Domain 14: Systems Acquisition Standard  
ISO Domain 15: Supplier Relationships Policy ISO Domain 15: Supplier Relationships Standard  
ISO Domain 16: Information Security Incident Management Policy ISO Domain 16: Incident Management Standard Incident Response Standard
ISO Domain 17: Information Security Aspects of Business Continuity Management Policy ISO Domain 17: Business Continuity Management Standard  
ISO Domain 18: Compliance Policy

ISO Domain 18: Compliance Standard

Standards Enforcement


Compliance Standard

Enforcement Standard

Privacy of Personal Information    

Debit/Credit Card Payment Policy


Responsible Use Policy

CALREN Acceptable Use Policy

    Personal Confidential Information
    Computer and Network Usage