SI-1: System and Information Integrity – Policy and Procedures
NIST Baseline: Low
Privacy Baseline: Yes
DIR Required By: 07/20/2023
Review Date: 08/22/2024
Purpose –
The System and Information Integrity Policy and associated controls document the minimum standards required to protect the confidentiality, integrity, and availability of information resources and data. Requirements are defined for patches and updates, malicious code protection, information system monitoring, security alerts, information handling, and retention.
Scope and Roles –
This policy applies to information resources owned or managed by Tarleton. The intended audience includes all involved in hiring and personnel management, the Tarleton Chief Information Officer (CIO), Chief Information Security Officer (CISO), and information resource owners and custodians.
Compliance –
System and Information Integrity controls are implemented to ensure compliance with the Texas Department of Information Resources (DIR) Security Control Standards Catalog as required by Title 1 Texas Administrative Code §202.76 and Texas A&M University System Regulation 29.01.03, Information Security.
Implementation –
- The Tarleton CISO, in coordination with information resource owners, shall develop, document, and disseminate a set of controls that addresses the System and Information Integrity of information resources. These controls should:
- Address purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and
- Be consistent with applicable laws, executive orders, directives, regulations, policies, standards, and guidelines.
- Information resource owners and custodians are responsible for any procedures to facilitate the implementation of the System and Information Integrity controls in order to ensure proper protective mechanisms are in place to reduce information security risks;
- The Tarleton CISO, or their designee, shall review and update the System and Information Integrity controls as necessary.