Crosswalk from ICUSAM Section 8000 to CSU System Information Security Policy
The CSU Chancellor’s Office undertook a project to simplify and streamline system-wide information security policies and standards. The results of this project were:
- Consolidate 22 separate and stand-alone information security policies into a comprehensive system-wide information security policy.
- Consolidate 23 separate and stand-alone information security standards into a comprehensive system-wide information security standards.
The single comprehensive information security policy and the information security standards are both aligned with ISO 27002:2013 (Information technology — Security techniques — Code of practice for information security controls) as the system’s preferred industry framework for implementing minimum information security controls.
Before the policy and standards simplification project, CSU system information security policies and standards were located in section 8000 of the Integrated CSU Administrative Manual (ICSUAM). As campuses may still have campus-specific policies and standards that reference the old ICUSAM numbering system, this crosswalk is provided to help campuses quickly compare ICUSAM numbers to the corresponding new sections of the CSU System Information Security Policy.
ICSUAM Policy Number and Name | CSU Information Security Policy Heading |
8000.00 Introduction and Scope (2010) | |
8005.00 Policy Management (2010) | |
8010.00 Establishing an Information Security Program (2010) | |
8015.00 Organizing Information Security (2010) | |
8020.00 Information Security Risk Management (2010) | |
8030.00 Personnel Information Security (2010) | Personnel Information Security Activities (ISO Domain 7: Human Resource Security Policy) |
8035.00 Information Security Awareness and Training (2010) | |
8040.00 Managing Third Parties (2010) | |
8045.00 Information Technology Security (2010) | |
8050.00 Configuration Management (2010) | Configuration Management (ISO Domain 12: Operations Security Policy) |
8055.00 Change Control (2010) | |
8060.00 Access Control (2010) | |
8065.00 Information Asset Management (2010) | |
8070.00 Information Systems Acquisition, Development and Maintenance (2010) | ISO Domain 14: System Acquisition, Development and Maintenance Policy |
8075.00 Information Security Incident Management (2010) | |
8080.00 Physical Security (2010) | |
8085.00 Business Continuity and Disaster Recovery (2010) | ISO Domain 17: Information Security Aspects of Business Continuity Management Policy |
8090.00 Compliance (2010) | |
8095.00 Policy Enforcement (2010) | |
8100.00 Electronic and Digital Signatures (2015) | Electronic Signatures, Digital Signatures (ISO Domain 10: Cryptography Policy) |
Crosswalk from ICUSAM Section 8000 to CSU System Information Security Standards Headings
The CSU Chancellor’s Office undertook a project to simplify and streamline system-wide information security policies and standards. The results of this project were:
- Consolidate 22 separate and stand-alone information security policies into a comprehensive system-wide information security policy.
- Consolidate 23 separate and stand-alone information security standards into a comprehensive system-wide information security standards.
The single comprehensive information security policy and the information security standards are both aligned with ISO 27002:2013 (Information technology — Security techniques — Code of practice for information security controls) as the system’s preferred industry framework for implementing minimum information security controls.
Before the policy and standards simplification project, CSU system information security policies and standards were located in section 8000 of the Integrated CSU Administrative Manual (ICSUAM)]. As campuses may still have campus-specific policies and standards that reference the old ICUSAM numbering system, this crosswalk is provided to help campuses quickly compare ICUSAM numbers to the corresponding new sections of the CSU System Information Security Standards.
Crosswalk from ICUSAM Section 7100 to CSU Policy Stat
ICSUAM Standard Number and Name | Policy Stat |
---|---|
7100 Identity Access Management | Identity Access Management |