Policies & Standards

All policies with their full text are available on the CSUSB policies website.

CSUSB Standards

Information Security Standard

CSUSB Safeguarding Confidential Information [PDF]

Asset Management

CSUSB Information Authorities and Custodians [PDF]

CSUSB Information Classification Standards [PDF]

CSUSB Information Retention Management Standards [PDF]

CSUSB Information Retention Schedule [PDF]

CSUSB Lost Stolen Information Report [PDF]

CSUSB User Responsibility for Information Assets [PDF]

Access Control

CSUSB Access Control Standard [PDF]

CSUSB Request for Authorization for Local Administrator Rights [PDF]

Physical and Environmental Security

CSUSB Physical Access to the Data Center [PDF]

Operations Security

CSUSB Baseline Configuration for Servers and Desktops [PDF]

CSUSB Cloud Computing Standard [PDF]

CSUSB Containment Guidelines [PDF]

CSUSB Detection Guidelines [PDF]

CSUSB Web Application Security Standard [PDF]

eCommerce

CSUSB Electronic Commerce Services Standards [PDF]

Communications Security

CSUSB Campus Network Architecture [PDF]

CSUSB Network Security Management Standard

Information Security Incident Management

CSUSB Incident Handling Guidelines [PDF]

Vulnerability Management

CSUSB Vulnerability Management Standard [PDF]

CSUSB Vulnerability Management Guidelines [PDF]

Log Management

CSUSB Log Management Standard [PDF]

CSUSB Policy Highlights

Acceptable Use Policy For Electronic Communications 
Campus policy regarding the use of electronic communications for students, faculty and staff.

Policy on Wireless Networks 
Campus policy to manage the deployment of wireless network products and services across the campus.

Student Records Administration Policy 
Policies and regulations by the campus to implement the mandate of subject laws.

Compliance with Copyright Law
The procedure, and possible consequences, of copyright violations

CSU Policy Highlights

Integrated CSU Administrative Manual Section 8000 Information Security Policy

Confidentiality/Protection of Personal Data
The CSU has an obligation, under various laws and CSU systemwide policy, to protect personal employee information and to maintain the confidentiality of that data.

Laws, Acts, and Statutes

Federal Wiretap Acts and Statutes
Federal laws that govern the intercept of electronic transmissions

DMCA Summary
U.S. Copyright Office Summary of the Digital Millennium Copyright Act of 1998 (PDF)

HIPAA Privacy Rule
U.S. Dept. of Health & Human Services Summary of the Health Insurance Portability and Accountability Act of 1996 (PDF)