Information security standards are a set of security controls and features to be applied to a system, or provided by a system, prior to it being deemed suitable for use in a particular environment or processing mode, and is generally in accordance with information security frameworks, such as NIST and CIS, and information security policies.
Supporting policies, including those relating to IT, information security, and compliance, can be found at https://policies.ucf.edu/.
Standards Open for ReviewThe Information Security Office posts drafts of standards, either new standards or revisions of existing ones, for review by the IT community at UCF. You can find all of the Security Standards currently open for review here (UCF login required).
|101 Multi-Function Device (MFD) Standards||View PDF|
|102 Workstation and Mobile Device Security Standards Updated||View PDF|
|103 Server Security Standards||View PDF|
|105 Patch Management Standards||View PDF|
|106 HIPAA Infrastructure Standards||View PDF|
|107 System Banner Standards||View PDF|
|108 File Transfer and Processing Standards||View PDF|
|109 UCF DKIM and SPF Standards||View PDF|
|120 Vendor Risk Managment Standards||View PDF|
|152 Network Security Standards||View PDF|
|501 Password Standards updated||View PDF|
|502 User Account Standards Updated||View PDF|
|702 TLS/SSL Standards||View PDF|
Faculty & Staff Guidelines
|Student Security Guidelines||View Page|