Cybersecurity Standards
Access Control | Awareness & Training | Audit & Accountability | Configuration Management | Contingency Planning | Computer Security | General Security Provisions | Incident Response | Personnel Security | Physical & Environmental Protections | Risk Management | System Communications & Protections
Access Control
- AC-001.02-Privileged Account Management
- AC-001.04-VPN Access
- AC-001.06-Third-Party Access to Accounts and Data
- AC-001.08-Data Center Access
Awareness and Training
Audit and Accountability
AU-001-Audit and Logging Accountability
AU-002-Logging and System Activity Review
Configuration Management
CM-001-Configuration Management
Contingency Planning
CP-001-Business Continuity Planning
CP-002-Information Security during a Disaster
Computer Security
CS-001-Device Life Cycle Security
CS-002-Personally Owned Device Security
General Security Provisions
GP-001-UTHSC Information Security Program
- GP-001.01-Information Security Roles and Responsibilities
- GP-001.02-Security Exceptions and Exemptions to ITS Standards and Practices
- GP-001.04-Information Security Violations
GP-002-Data and System Classification
GP-004-Acceptable Use of IT Resources
- GP-004.01-Login Banner
- GP-004.02-Acceptable Use of Generative AI
- GP-004.03-Acceptable Use of UT Health Science Center Phones and Service ***NEW***
Incident Response
IR-001-Security Incident Response
Personnel Security
Physical and Environmental Protections
PE-001-Physical Security of Information Resources and Related Facilities
Risk Management
RM-002 - Vulnerability Management
RM-004 - Third Party Risk Management
System and Communications Protections
SC-002-System and Communications Protections
SC-003-Application System Security