Information Security Standards
The Information Security Office provides standards to the university for outlining the minimum care necessary for sensitive data. The standards do not relieve the university or its employees, partners, consultants, or vendors of further obligations that may be imposed by law, regulation, or contract. Prior to implementing a standard, data owners must properly classify their data as outlined in university policy.
Draft standards that are in the process of being finalized are available to anyone with valid OHIO credentials. While they may have slight changes in their completed form, they still provide industry best practices for various facets of information handling.
- Draft Standards (Log in with your OHIO credentials)
For those topics that are not explicitly referenced above, or for additional guidance, the NIST 800 Series Publications are to be used. The Information Security Office follows NIST as its framework for discussions with departments and within OIT for prioritization of security controls.