...
Governance: University-Owned Device Standard, Secure Server Standard, Information Security Policy, Sensitive Data Policy
Security Control | SensitiveLevel 4 | ConfidentialLevel 3 | InternalLevel 2 | PublicLevel 1 | ||
|---|---|---|---|---|---|---|
Maintain inventory of computers that identifies criticality of device or data being stored on it.
|
|
|
|
| ||
Maintain inventory of systems being used and managed by WVU that identifies classification of data stored within. |
|
|
|
| ||
Maintain inventory of servers being used and managed by WVU that identifies purpose of server and classification of data stored on server. |
|
|
|
| ||
Develop, document, and periodically update system security plans. | ⬜ | ⬜ ☑ | ⬜ ☑ | ⬜ |
Business Environment
Governance: Vendor Security and Compliance/Technology Procurement Standard (pending development), Risk Assessment Standard
...
Governance: Vulnerability Management Standard
Security Control | Sensitive | Confidential | Internal | PublicLevel 4 | Level 3 | Level 2 | Level 1 | |
|---|---|---|---|---|---|---|---|---|
Authenticated vulnerability scans required monthly |
| ☑ | ☑ | ⬜ | ||||
Critical Patches implemented within 30 days |
|
|
|
| ||||
Prioritize remediation/mitigation based on severity, risk, and likelihood |
|
|
|
| ||||
Implement alternative security controls for vulnerabilities that cannot be remediated |
|
|
|
|