
Purpose

The purpose of this System and Information Integrity Information Technology Requirement (ITR) is to establish information security standards for the System and Information Integrity processes relevant to Anne Arundel Community College ("College") Information Technology Resources. The discipline of information systems security relies on the practice of ensuring and maintaining the confidentiality, integrity, and availability of information systems and data transmitted, processed, and/or stored on those systems.

Scope

This ITR applies to all College Information Systems and Information Technology Resources. All Information System Custodians, their designees and contractors are responsible for adhering to this ITR. The AACC Security Program will maintain safeguards aligned with NIST SP 800-171 to ensure the protection, integrity, confidentiality, and resilience of Information Technology Resources.

Definitions

  1. Authorized User: A User who has been granted authorization to access electronic Information Resources and is current in their privileges.
  2. Contractor: A person or a company that undertakes a contract to provide materials or labor to perform a service.
  3. Data: Element(s) of Information in the form of facts, such as numbers, words, names, or descriptions of things from which "understandable information" can be derived.
  4. Employee: College staff and faculty, including nonexempt, exempt, and overseas staff and collegiate faculty.
  5. Information System: Inter-related components of Information Technology Resources working together for the collection, processing, maintenance, use, sharing, dissemination, or disposition of Information.
  6. Information System Custodian: A College staff member or other individual providing services to the College who is responsible for the development, procurement, compliance, and/or final disposition of an Information System.
  7. Information Technology Resource: Any equipment or interconnected system or subsystem of equipment that is used in the automatic acquisition, storage, manipulation, management, movement, control, display, switching, interchange, transmission or reception of data or information by the College directly or by a third party under a contract with the College which requires the use of such equipment. This term includes computers, mobile devices, software, firmware, services (including support services), and the College’s network via a physical or wireless connection, regardless of the ownership of the Information Technology Resource connected to the network.
  8. Integrity: Ensuring records and the Information contained therein are accurate and Authentic by guarding against improper modification or destruction.
  9. User: A member of the College community, including but not limited to staff, faculty, students, alumni, and individuals working on behalf of the College, including third-party vendors, contractors, consultants, volunteers, and other individuals who may have a need to access, use or control College Data.

System and Information Integrity Requirements

System and Information Integrity Requirements address security controls that are implemented within systems and organizations to provide assurance that the system and information being accessed has not been tampered with or damaged (integrity).

In a risk-based manner, AACC will implement NIST SP 800-171 and SP 800-172 security controls.

  1. AACC will identify and mitigate system flaws and vulnerabilities in a timely manner.
  2. AACC will provide protection from malicious code.
  3. AACC will oversee service providers of system, subsystem, component, and application(s).
  4. AACC will monitor system security alerts and notifications and take rapid corrective action.
  5. AACC will identify and respond to unauthorized use of systems.
  6. AACC will identify and respond to unauthorized access to Information.
  7. AACC will not implement systems, subsystems, components, and applications that are prohibited by law or regulation.

Enforcement

Any User with knowledge of a potential violation shall notify IIT as soon as practicable.

Any employee, contractor or other third-party performing duties on behalf of the College who violates may be denied access to Information Technology Resources and may be subject to disciplinary action, up to and including termination of employment or contract or pursuit of legal action.

Exemptions

Exceptions should be submitted to the vice president for Information and Instructional Technology Division, through the director of Information Security for review and approval. If an exception is granted, a compensating security control or safeguard will be documented.

Contingencies

None

Review Process

Information Technology Requirements will be reviewed every 12 months or sooner, if required. Guidelines and Processes will be reviewed every 24 months or sooner, if required.

 

Guideline Title: System and Integrity Information Technology Requirement

Guideline Owner: Vice President for Information and Instructional Technology

Guideline Administrator: Director of Information Security

Contact Information: John Williams jwwilliams6@xoxozerol.net

Approval Date: Jan. 8, 2024

Effective Date: Jan. 8, 2024

History: Adopted November 2023

Applies to: Faculty and Staff

Related Policies: Acceptable Use of Information Technology Resources Policy

Related Procedures: Acceptable Use of Information Technology Resources Procedures

Related Guidelines:

Forms: N/A

Related Laws:

  • NIST SP 800-171, 800-172