Policies
Digital Information Security Policies establish accountability and responsibility for university cybersecurity objectives, and the authority to act on behalf of the University in response to cybersecurity incidents and breaches and to observed, known, or suspected cases of non-compliance with the policies and standards.
Enterprise Standards
Enterprise Standards establish a standard approach for selecting and implementing mitigating technical, physical, and administrative safeguards. Enterprise Standards are structured using the NIST SP 800-53 Security and Privacy control catalogue as a guide.
Note that to read more about each standard, you will be redirected to a Queen's SharePoint site where you will be asked to log in with your NetID and password.
- Access Control Standard
- Assessment Authorization and Monitoring
- Audit and Accountability Standard
- Configuration Management
- Contingency Planning
- Data Classification Standard
- Identification and Authentication
- Media Protection
- Physical and Environmental Standard
- Risk Assessment
- Supply Chain Risk Standard
- System and Services Acquisition Standard
- Systems and Communication Standard
- Systems and Information Integrity Standard
Guidelines
Guidelines are technical and procedural documents that recommend actions to reduce information management and information security risk and to comply with Policies and Enterprise Standards.
Procedures
Standard Operating Procedures provide a consistent approach to delivering on common requests.
Acceptable Use Agreements
Acceptable use agreements establish expectations of community members and guests for the appropriate and acceptable use of digital resources provided by, or on behalf of, the University.