Crosswalk from ICSUAM Section 8000 to CSU System Information Security Policy

The CSU Chancellor’s Office undertook a project to simplify and streamline system-wide information security policies and standards. The results of this project were:

  1. Consolidation of 22 separate and stand-alone information security policies into a comprehensive system-wide information security policy.
  2. Consolidation of 23 separate and stand-alone information security standards into a comprehensive set of system-wide information security standards.

The single comprehensive information security policy and the information security standards are both aligned with ISO 27002:2013 (Information technology — Security techniques — Code of practice for information security controls) as the system’s preferred industry framework for implementing minimum information security controls.

Before the policy and standards simplification project, CSU system information security policies and standards were located in section 8000 of the Integrated CSU Administrative Manual (ICSUAM). As campuses may still have campus-specific policies and standards that reference the old ICSUAM numbering system, this crosswalk is provided to help campuses quickly compare ICSUAM numbers to the corresponding new sections of the CSU System Information Security Policy.

| ICSUAM Policy Number and Name | CSU Information Security Policy Heading |
|---|---|
| 8000.00 Introduction and Scope (2010) | Policy; Scope; Roles and Responsibilities |
| 8005.00 Policy Management (2010) | ISO Domain 5: Information Security Policy |
| 8010.00 Establishing an Information Security Program (2010) | Roles and Responsibilities |
| 8015.00 Organizing Information Security (2010) | ISO Domain 6: Organization of Information Security Policy |
| 8020.00 Information Security Risk Management (2010) | ISO Domain 6: Organization of Information Security |
| 8030.00 Personnel Information Security (2010) | Personnel Information Security Activities (ISO Domain 7: Human Resource Security Policy) |
| 8035.00 Information Security Awareness and Training (2010) | Information Security Training and Awareness Activities (ISO Domain 7: Human Resource Security Policy) |
| 8040.00 Managing Third Parties (2010) | ISO Domain 15: Supplier Relationships Policy |
| 8045.00 Information Technology Security (2010) | ISO Domain 12: Operations Security Policy; ISO Domain 13: Communications Security Policy |
| 8050.00 Configuration Management (2010) | Configuration Management (ISO Domain 12: Operations Security Policy) |
| 8055.00 Change Control (2010) | Change Control (ISO Domain 12: Operations Security Policy) |
| 8060.00 Access Control (2010) | ISO Domain 9: Access Control Policy |
| 8065.00 Information Asset Management (2010) | ISO Domain 8: Asset Management Policy |
| 8070.00 Information Systems Acquisition, Development and Maintenance (2010) | ISO Domain 14: System Acquisition, Development and Maintenance Policy |
| 8075.00 Information Security Incident Management (2010) | ISO Domain 16: Incident Management Policy |
| 8080.00 Physical Security (2010) | ISO Domain 11: Physical and Environmental Security Policy |
| 8085.00 Business Continuity and Disaster Recovery (2010) | ISO Domain 17: Information Security Aspects of Business Continuity Management Policy |
| 8090.00 Compliance (2010) | ISO Domain 18: Compliance Policy |
| 8095.00 Policy Enforcement (2010) | Enforcement |
| 8100.00 Electronic and Digital Signatures (2015) | Electronic Signatures, Digital Signatures (ISO Domain 10: Cryptography Policy) |

Crosswalk from ICSUAM Section 8000 to CSU System Information Security Standards Headings

Before the policy and standards simplification project, CSU system information security policies and standards were located in section 8000 of the Integrated CSU Administrative Manual (ICSUAM). As campuses may still have campus-specific policies and standards that reference the old ICSUAM numbering system, this crosswalk is provided to help campuses quickly compare ICSUAM numbers to the corresponding new sections of the CSU System Information Security Standards.

| ICSUAM Standard Number and Name | CSU Information Security Standards Heading |
|---|---|
| 8015.S000 Information Security Roles and Responsibilities (2013) | Roles and Responsibilities |
| 8020.S000 Information Security Risk Management-Exception Standard (2015) | Exceptions |
| 8020.S001 Information Security Risk Management-Risk Assessment Standard (2015) | Risk Management Strategies (ISO Domain 6: Organization of Information Security Standard) |
| 8030.S000 Personnel Security (2013) | Employment Separations and Position Change (ISO Domain 7: Human Resource Security Standard) |
| 8035.S000 Security Awareness and Training (2013) | Campus Security Awareness and Training Program (ISO Domain 7: Human Resource Security Standard) |
| 8040.S001 Third Party Security Standards (2012) | ISO Domain 15: Supplier Relationships Standard |
| 8045.S200 Malicious Software Protection (2014) | Protections Against Malicious Software Programs (ISO Domain 12: Operations Security Standard) |
| 8045.S300 Network Controls Management (2013) | Network Information Requirements (ISO Domain 13: Communications Security Standard) |
| 8045.S301 Boundary Protection and Isolation (2014) | Boundary Protection and Isolation (ISO Domain 13: Communications Security Standard) |
| 8045.S302 Remote Access to CSU Resources (2013) | Remote Access to CSU Resources (ISO Domain 12: Operations Security Standard) |
| 8045.S400 Mobile Device Management (2013) | Mobile Device Management (ISO Domain 12: Operations Security Standard) |
| 8045.S600 Logging Elements (2014) | Logging Elements (ISO Domain 12: Operations Security Standard) |
| 8050.S100 Configuration Management--Common Workstation Standard (2015) | Common Workstation Minimum Configuration Requirements (ISO Domain 12: Operations Security Standard) |
| 8050.S200 Configuration Management--High Risk/Critical Workstation Standard (2015) | High Risk/Critical Workstation Standard (ISO Domain 12: Operations Security Standard) |
| 8055.S01 Change Control (2011) | Change Control (ISO Domain 12: Operations Security Standard) |
| 8060.S000 Access Control (2013) | ISO Domain 12: Access Control Standard |
| 8065.S001 Asset Management (2013) | ISO Domain 8: Asset Management Standard |
| 8065.S02 Data Classification Standards (2011) | Data Classification Levels (Asset Management ISO Domain 8 Standard) |
| 8065.S003 Information Asset Management-Cloud Storage & Servers (2017) | Cloud Storage and Services (ISO Domain 8: Asset Management Standard) |
| 8070.S000 Application Security (2015) | Application Security Standard (ISO Domain 14: Systems Acquisition Standard) |
| 8075.S000 Information Security Incident Management (2014) | ISO Domain 16: Incident Management Standard |
| 8080.S01 Physical and Environmental Security (2011) | ISO Domain 11: Physical and Environmental Security Standard |
| 8100.S01 CSU Electronic and Digital Signature Standards and Procedures (2016) | Acceptable Use of Electronic and Digital Signatures (ISO Domain 10: Cryptography Standard) |

Crosswalk from ICSUAM Section 7100 to CSU Policy Stat

| ICSUAM Standard Number and Name | Policy Stat |
|---|---|
| 7100 Identity Access Management | Identity Access Management |