Overview

Information security standards provide a set of best practices to safeguard George Mason’s and your data, assets, and resources. These security standards are based on the National Institute of Standards and Technology’s Special Publication (NIST SP) 800-53 moderate baseline controls, scoped and tailored to the context of higher education institutions. NIST SP 800-53 is a widely accepted industry standard, most often used by U.S. federal and state agencies. The IT Security Standard describes controls as they apply to systems and processes based upon a high/medium/low classification.

Incident Response Plan for PCI DSS Incidents

The purpose of this standard is to define requirements for responding to a cybersecurity incident involving credit cardholder data.


ITS Information Technology Security Standard

This standard details specific requirements that must be employed to support George Mason’s policies. These requirements are categorized into sixteen (16) Control Family Standards drawn from NIST Special Publication (SP) 800-53 Revision 5. Some controls and enhancements are required only for particular classes of systems and/or data. System administrators are responsible for complying with the control requirements that are specified for the categorization and sensitivity level of the systems they maintain. Questions regarding applicability, implementation, or exemption requests should be referred to the Information Technology Security Office or the IT Risk and Compliance Office.


Password Complexity Standard

The purpose of this standard is to define the user password requirements for electronic access to George Mason’s workstations and systems. This standard applies to every faculty member, staff member, student, temporary employee, contractor, outside vendor, or visitor to campus (i.e., user) who authenticates to university-owned systems or devices.


Remote Access User Standard

The purpose of this standard is to define the user’s requirements for connecting to George Mason’s network from any host.


Remote Access Device Standard

George Mason’s ITS maintains a Virtual Private Network (VPN) system that supports off-campus access to internal university networks and hosts. All remote access gateway devices need to meet the requirements listed in this standard.

Media Sanitization Procedure

This procedure provides detailed instructions for the permanent removal and verification of the removal of data from George Mason-owned electronic devices. This applies to all university departments and offices at all George Mason locations that are planning to release for reuse George Mason-owned electronic devices.

Payment Card Industry (PCI) Security Standard

This standard provides guidance to ensure the university complies with the Payment Card Industry Data Security Standard (PCI DSS) and to prevent unauthorized disclosure of customer account data.
