Crosswalk from ICUSAM Section 8000 to CSU System Information Security Policy
The CSU Chancellor’s Office undertook a project to simplify and streamline system-wide information security policies and standards. The results of this project were:
- Consolidate 22 separate and stand-alone information security policies into a comprehensive system-wide information security policy.
- Consolidate 23 separate and stand-alone information security standards into a comprehensive system-wide information security standards.
The single comprehensive information security policy and the information security standards are both aligned with ISO 27002:2013 (Information technology — Security techniques — Code of practice for information security controls) as the system’s preferred industry framework for implementing minimum information security controls.
Before the policy and standards simplification project, CSU system information security policies and standards were located in section 8000 of the Integrated CSU Administrative Manual (ICSUAM). As campuses may still have campus-specific policies and standards that reference the old ICUSAM numbering system, this crosswalk is provided to help campuses quickly compare ICUSAM numbers to the corresponding new sections of the CSU System Information Security Policy.
ICSUAM Policy Number and Name | CSU Information Security Policy Heading |
8000.00 Introduction and Scope (2010) | |
8005.00 Policy Management (2010) | |
8010.00 Establishing an Information Security Program (2010) | |
8015.00 Organizing Information Security (2010) | |
8020.00 Information Security Risk Management (2010) | |
8030.00 Personnel Information Security (2010) | |
8035.00 Information Security Awareness and Training (2010) | |
8040.00 Managing Third Parties (2010) | |
8045.00 Information Technology Security (2010) | |
8050.00 Configuration Management (2010) | |
8055.00 Change Control (2010) | |
8060.00 Access Control (2010) | |
8065.00 Information Asset Management (2010) | |
8070.00 Information Systems Acquisition, Development and Maintenance (2010) | |
8075.00 Information Security Incident Management (2010) | |
8080.00 Physical Security (2010) | |
8085.00 Business Continuity and Disaster Recovery (2010) | |
8090.00 Compliance (2010) | |
8095.00 Policy Enforcement (2010) | |
8100.00 Electronic and Digital Signatures (2015) |
Crosswalk from ICUSAM Section 8000 to CSU System Information Security Standards Headings
The CSU Chancellor’s Office undertook a project to simplify and streamline system-wide information security policies and standards. The results of this project were:
- Consolidate 22 separate and stand-alone information security policies into a comprehensive system-wide information security policy.
- Consolidate 23 separate and stand-alone information security standards into a comprehensive system-wide information security standards.
The single comprehensive information security policy and the information security standards are both aligned with ISO 27002:2013 (Information technology — Security techniques — Code of practice for information security controls) as the system’s preferred industry framework for implementing minimum information security controls.
Before the policy and standards simplification project, CSU system information security policies and standards were located in section 8000 of the Integrated CSU Administrative Manual (ICSUAM)]. As campuses may still have campus-specific policies and standards that reference the old ICUSAM numbering system, this crosswalk is provided to help campuses quickly compare ICUSAM numbers to the corresponding new sections of the CSU System Information Security Standards.
ICSUAM Standard Number and Name | CSU Information Security Standards Heading |
8015.S000 Information Security Roles and Responsibilities (2013) | |
8020.S000 Information Security Risk Management-Exception Standard (2015) | |
8020.S001 Information Security Risk Management-Risk Assessment Standard (2015) | |
8030.S000 Personnel Security (2013) | |
8035.S000 Security Awareness and Training (2013) | |
8040.S001 Third Party Security Standards (2012) | |
8045.S200 Malicious Software Protection (2014) | |
8045.S300 Network Controls Management (2013) | |
8045.S301 Boundary Protection and Isolation (2014) | |
8045.S302 Remote Access to CSU Resources (2013) | |
8045.S400 Mobile Device Management (2013) | |
8045.S600 Logging Elements (2014) | |
8050.S100 Configuration Management--Common Workstation Standard (2015) | |
8050.S200 Configuration Management--High Risk/Critical Workstation Standard (2015) | |
8055.S01 Change Control (2011) | |
8060.S000 Access Control (2013) | |
8065.S001 Asset Management (2013) | |
8065.S02 Data Classification Standards (2011) | |
8065.S003 Information Asset Management-Cloud Storage & Servers (2017) | |
8070.S000 Application Security (2015) | |
8075.S000 Information Security Incident Management (2014) | |
8080.S01 Physical and Environmental Security (2011) | |
8100.S01 CSU Electronic and Digital Signature Standards and Procedures (2016) |
Crosswalk from ICUSAM Section 7100 to CSU Policy Stat
| ICSUAM Standard Number and Name | Policy Stat |
|---|---|
| 7100 Identity Access Management |