The Information Security policies are formal statements that specify a set of rules that all users must follow when gaining access to SDSU’s information and information systems. Policies are mandatory, high-level management directives.

The Board of Trustees of the California State University (CSU) and SDSU is responsible for protecting the confidentiality, integrity and availability of CSU information assets. Unauthorized modification, deletion, or disclosure of information assets can compromise the mission of the CSU, violate individual privacy rights, and possibly constitute a criminal act.


Policy, Standard,  Guideline                                                                                                                           Policy                                                                                                                                                                                                                                                                                                                    Status                                                                                           
CSU ICSUAM 8000.00 Introduction and Scope                           Approved
CSU ICSUAM 8005.00 Policy Management                           Approved
CSU ICSUAM 8010.00 Establishing an Information Security Program                           Approved
                     Standard                           Approved
CSU ICSUAM 8015.00

Organizing Information Security

CSU ICSUAM 8020.00
Information Security Risk Management                           Approved
CSU ICSUAM 8025.00 Privacy of Personal Information                           Approved
CSU ICSUAM 8030.00 Personnel Information Security                           Approved
CSU ICSUAM 8035.00 Information Security Awareness and Training                           Approved
CSU ICSUAM 8040.00 Managing Third Parties                           Approved
CSU ICSUAM 8045.00 Information Technology Security                           Approved
                     Standard                           Approved
                  Guidelines                           Approved
                  Guidelines                           Approved
CSU ICSUAM 8050.00 Configuration Management                           Approved
                     Standard                           Approved
CSU ICSUAM 8055.00  Change Control                           Approved
CSU ICSUAM 8060.00  Access Control                           Approved
CSU ICSUAM 8065.00  Information Asset Management                           Approved
                  Guidelines                           Approved
                  Guidelines                           Approved
CSU ICSUAM 8070.00 Information Systems Acquisition, Development

and Maintenance

CSU ICSUAM 8075.00 Information Security Incident Management                          Approved
CSU ICSUAM 8080.00 Physical Security                           Approved
CSU ICSUAM 8085.00 Business Continuity and Disaster Recovery                           Approved
CSU ICSUAM 8090.00 Compliance                           Approved
CSU ICSUAM 8095.00 Policy Enforcement                           Approved
CSU ICSUAM 8100.00 Electronic and Digital Signatures                           Approved
CSU ICSUAM 8105.00 Responsible Use Policy                           Approved
               SDSU Policy                           Approved
CSU ICSUAM 7100.00 Identity Access Management                           Approved



Standards describe a specific use of technology, often applied to hardware and software. Standards support disaster recovery, and are also mandatory to all users who access SDSU’s information and information systems.


SDSU Information Security Standards  
                   Standards and Links                             Status
                   Vulnerability Management Standard                           Approved
                   Security and Configuration of Information Systems Standard                           Approved
                   SDSU Information Security Plan (To Be Updated)                           Approved



Handle data and devices securely at SDSU with these guidance documents. Note that these guidance documents are recommendations and are not mandatory.

SDSU Information Security Guidelines  
                   Guidelines and Links                             Status
                   IT Security Guidance for Remote Access                           Approved
                   Zoom Meetings for HIPAA Guidance                           Approved
                   Sensitive Data Storage Best Practices                           Approved
                   Security Guidance for Storing and Sharing Protected Data                           Approved