5 posts tagged with "policy"

System Regulation 29.01.03, Information Security, has been renumbered to align with the recently released System Policy 29.02.

The new System Policy 29.02, Information Security, was released today.

System Regulation 29.01.06 was released last week, which implements what was previously a policy letter from the System CIO to all members addressing covered applications and prohibited technology.

The guidelines page at https://www.cyber.tamus.edu/policy/guidelines/prohibited-technology/ has been updated to reflect these changes. The regulation is also available at https://policies.tamus.edu/29-01-06.pdf.

An updated Covered Applications and Prohibited Technology Plan, as required by Texas DIR and Texas DPS, was issued today. The updated plan incorporates the requirements of Texas Government Code Chapter 620 and revises the plan's language throughout.

The revised plan is available at https://www.cyber.tamus.edu/policy/guidelines/prohibited-technology/.

A revised System Regulation 29.01.03, Information Security, was released today. This revision:

• adds or clarifies language to reflect the reorganization of the Security Operations Center (SOC) to Texas A&M University System Cybersecurity,
• clarifies the purpose of the Texas A&M System Security Control Standards Catalog and eliminates duplicative or redundant reference to the Texas DIR Security Control Standards Catalog,
• adds supporting language that references system requirements to Texas statute or administrative rule,
• establishes a required frequency for performing risk assessments based on the impact of the system being assessed,
• moves detailed guidance for data center consolidation to the A&M System Security Control Standards Catalog, and
• eliminates guidance for member CIO approval of commodity IT services

The revised regulation is available at https://policies.tamus.edu/29-01-03.pdf.