CSU Information Security Policies & Standards

The CSU Information Security policy provides direction for managing and protecting the confidentiality, integrity and availability of CSU information assets. In addition, the policy defines the organizational scope of the CSU information Security Policy. Policies and standards are organized in the following, clickable index: 

CSU System Policy
Section Policy Topic (PDF)
8000.0 Introduction and Scope
8005.0 Policy Management
8010.0 Establishing an Information Security Program
8015.0 Organizing Information Security
8020.0 Information Security Risk Management
8025.0 Privacy of Personal Information
8030.0 Personnel Information Security
8035.0 Information Security Awareness and Training
8040.0 Managing Third Parties
8045.0 Information Technology Security
8050.0 Configuration Management
8055.0 Change Control
8060.0 Access Control
8065.0 Information Asset Management
8070.0 Information Systems Acquisition, Development and Maintenance
8075.0 Information Security Incident Management

8080.0 Physical Security
8085.0 Business Continuity and Disaster Recovery
8090.0 Compliance
8095.0 Policy Enforcement
8100.0 Electronic and Digital Signatures
8105.0 Responsible Use Policy