Policies, Standards, Guides and Regulations
These documents collectively represent the University of Tennessee's Information Security Risk Management Framework. Different documents have different target audiences within UTC, specifically those who support the organization (management team), the business process (operations) and the information systems (technical team).
UTC Standards
Standards support University policy and consist of campus-recommended practices. They also serve as campus policy when no UT policy is in place. Standards expand on policy and may fill in the gaps to clarify UTC's Information Technology security stance. The following are links to UTC-specific standards.
- Accessibility
- Acceptable Use
- Access Controls
- Audit and Accountability
- Configuration Management
- Contingency Planning
- Identification and Authentication
- Information and Computer System Classification
- Media Protection
- Personnel Security
- Physical and Environmental Protection
- Risk Assessment
- Secure Network
- Security Assessment and Authorization
- Security Awareness, Training, and Education
- Security Incident Response and Reporting
- System and Communication Protection
- System and Information Integrity
- System and Services Acquisition
Guides
The following are links to available UTC-specific Guides.
Regulations
-
Federal Regulations
-
Peer-to-Peer and File Sharing
-
Family Education Rights and Privacy Act (FERPA)
-
Health Insurance Portability and Accountability Act of 1996 (HIPAA)
-
General Data Protection Regulation (GDPR)
-
-
State Regulations
-
File Sharing
-
Privacy Information
-