Information security standards provide a set of best practices to safeguard Mason's and your data, assets, and resources. These security standards are derived from NIST 800-53 and the NIST Cyber Security Framework (CSF).
Download the the PDF version of the Information Technology Security Standard by clicking or tapping on the image.
Incident Response Plan for PCI DSS Incidents
The purpose of this standard is to define requirements for responding to a cybersecurity incident involving credit cardholder data.
ITS Information Technology Security Standard
This standard details specific requirements that must be employed to support the George Mason University's Information Security Policy. These requirements are categorized in eighteen (18) Control Family Standards drawn from NIST Special Publication (SP) 500-53. Some controls are required only for particular classes of systems and/or data. System administrators are responsible for complying with the control requirements that are specified for the sensitivity level of systems they maintain. Questions regarding applicability, implementation, or exemption requests should be referred to the Information Technology Security Office.
Password Complexity Standard
The purpose of this standard is to define the user password requirements or electronic access to George Mason University's workstations and systems. This standard applies to every faculty memeber, staff member, student, temporary employee, contractor, outside vendor, or visitor to campus (i.e., user) that authenticates to university-owned systems or devices.
Remote Access User Standard
The purpose of this standard is to define the user's requirements for connecting to George Mason University's network from any host.
Remote Access Device Standard
George Mason University's Information Technology Services (ITS) maintains a Virtual Private Network (VPN) system that supports off-campus access to internal university networks and hosts. All remote access gateway devices need to meet the requirements listed in this standard.