Skip Navigation
Request Info
Apply Now
Request Info
Apply Now
Skip to Menu Toggle Button

UMGC Policy X-1.17 Situational Awareness of Information Systems and Technology Resources

EXPLORE MORE OF UMGC

Policy CategoryPolicy OwnerVersion Effective DateReview CyclePolicy Contact
X. Information Governance, Security & TechnologyChief Transformation OfficerMarch 28, 2023Every 2 yearsinfosec@umgc.edu

  1. Purpose

    The purpose of this policy is to establish information security standards for the Situational Awareness processes relevant to University of Maryland Global Campus ("UMGC" or "University") Information Technology Resources.

  2. Scope and Applicability

    This policy applies to all University Information Systems and Information Technology Resources. All Users are responsible for adhering to this policy.

  3. Definitions

    Defined terms are capitalized throughout this Policy and can be found in the Information Governance Glossary.

  4. Policy Statement

    Information System Stewards or their designee must adhere to the University's Situational Awareness Policy when managing University Information Technology Resources by monitoring threats that may impact University Information Systems and Information.

    Information sharing forums and sources must be used to receive and respond to cyber threat intelligence and communicate to stakeholders.

  5. Exceptions

    Exceptions to this policy should be submitted to the Sr. Director, Information Security for review and approval. If an exception is requested a compensating control or safeguard should be documented and approved.

  6. Enforcement
    1. Any Employee, Contractor, or third-party performing duties on behalf of the University with knowledge of an alleged violation of this Policy shall notify the Sr. Director, Information Security as soon as practicable.
    2. Any Employee, Contractor, or other third-party performing duties on behalf of the University who violates this Policy may be denied access to Information Resources and may be subject to disciplinary action, up to and including termination of employment or contract or pursuit of legal action.
  7.  Standards Referenced
    1. USM IT Security Standards, v.5, dated July 2022
    2. NIST SP 800-171r2 “Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations”, dated February 2020
    3. Cybersecurity Maturity Model Certification (CMMC), v.2.0, dated December 2021
  8. Related Policies
    1. UMGC Policy X-1.04 Information Security
    2. UMGC Policy X-1.05 Information Security Awareness and Training
    3. UMGC Policy X-1.06 Information Security Incident Response
    4. UMGC Policy X-1.21 System and Communication Protection
    5. UMGC Policy X-1.22 System and Information Integrity
  9. Effective Date: This policy is effective as of the Version Effective Date set forth above.

By using our website you agree to our use of cookies. Learn more about how we use cookies by reading our Privacy Policy.