California State University, Sacramento

Based on real user feedback and statistics, no longer supports Microsoft’s Internet Explorer browser. Please upgrade your browser to improve your experience.

Skip to Main Content

Information Security Information Resources & Technology

Support Page Content

CSU Information Security Policies & Standards

Sacramento State is committed to protecting the confidentiality, integrity, and availability of information assets owned, leased, or entrusted to the University. Therefore, we hereby adopt both the California State University Information Security Policies and Standards and the Sacramento State Supplemental Information Security Policies.

Policies vs. Standards vs. Procedures

  • Policies are formal statements created by the university that reflect our mission, which in this case is the protection of Sacramento State's information and assets.
  • Standards are rules or actions that must be done to ensure our policies are being followed. They indicate expected behavior and must be enforced.
  • Procedures are detailed step by step instructions on how to implement or adhere to the standards.
  • Guidelines are recommended practices that are based on industry-standard practices.

Information Security Policy

CSU System Policy & Standards

Policies and standards are organized in the following, clickable index:

Policy Number Policy Topic Supplemental Policies Standards Procedures, Guidelines, Others
8000.0 Introduction and Scope      
8005.0 Policy Management      
8010.0 Establishing an Information Security Program      
8015.0 Organizing Information Security   CSU: 8015.S000  
8020.0 Information Security Risk Management   CSU: 8020.S000
CSU: 8020.S001
8025.0 Privacy of Personal Information      
8030.0 Personnel Information Security   CSU: 8030.S000  
8035.0 Information Security Awareness and Training   CSU: 8035.S000  
8040.0 Managing Third Parties    CSU: 8040.S001
General Provisions for Information Technology Acquisitions
Information Security Requirements - Supplemental Provisions
Higher Education Cloud Vendor Assessment Tool
 8045.0 Information Technology Security   CSU: 8045.S200
CSU: 8045.S300
CSU: 8045.S301
CSU: 8045.302
CSU: 8045.400
CSU: 8045.600
8050.0 Configuration Management   CSU: 8050.S100
CSU: 8050.S200
8055.0 Change Control   CSU: 8055.S01  
8060.0 Access Control   CSU: 8060.S000 Access Control Standard
CSU: 8060.S000 Appendix A
8065.0 Information Asset Management  EO1031 CSU: 8065.S001
CSU: 8065.S02
CSU: 8065.S003
8070.0 Information Systems Acquisition, Development and Maintenance   CSU: 8070.S000  
8075.0 Information Security Incident Management   CSU: 8075.S000  
8080.0 Physical Security   CSU: 8080.S01  
8085.0 Business Continuity and Disaster Recovery EO1031Records Retention & Disposition Schedules    
8090.0 Compliance HIPPA Policy
Debit/Credit Card Payment Policy 6340.00
ICSUAM Section 3000
 01 -CSUS_Credit_Card_Handling_Standards A01 - CSUS-Annual PCI-Assessment-Procedure
A02 - Annual Credit Card Acceptance Acknowledgement
A03 - User Access Inventory - Template
A04 - Device Inventory - Template
A05 - Sacramento State Credit Card Business Process Inventory
02 - CSUS_Credit_Acceptance_Procedures_Rev_050418
03 - Credit_Card_Channel_Request_11082019
8095.0 Policy Enforcement      
8100.0 Electronic and Digital Signatures    CSU: 8100.S01  
8105.0 Responsible Use Policy