|Policy Category||Policy Owner||Version Effective Date||Review Cycle||Policy Contact|
|X. Information Governance, Security & Technology||Chief Transformation Officer||March 28, 2023||Every 2 email@example.com|
The purpose of this policy is to establish information security standards for Security Assessment processes relevant to University of Maryland Global Campus ("UMGC" or "University") Information Technology Resources.
Scope and Applicability
This policy applies to all University Information Systems and Information Technology Resources. Information System Stewards are responsible for adhering to this policy.
Capitalized terms shall have the meaning ascribed to them herein and shall have the same meaning when used in the singular or plural form or any appropriate tense.
Information System Stewards or their designee should ensure the adherence to the University's Security Assessment Policy to include:
SSPs should be documented and updated to describe system boundaries, system environments of operation, how security requirements are implemented, and the relationships with or connections to other systems on an annual basis or when there is a significant change to the system that could impact the Confidentiality, Integrity, and/or Availability of the system.
At a minimum an SSP must include the following:
Exceptions to this policy should be submitted to the Sr. Director, Information Security for review and approval. If an exception is requested a compensating control or safeguard should be documented and approved.