...
In 2016, the SUNY Board of Trustees adopted the Information Security Policy 6900 which is applicable to all state-operated and community colleges. With emerging and ongoing cyber security cybersecurity risks, the NIST Policy Initiative seeks to enhance current cyber security cybersecurity efforts by establishing SUNY System-wide policies based on the NIST 800-53 standards. Along with the rest of SUNY, Fredonia will be developing and rolling out the NIST based information security policies during the 2019-2020 and 2020-2021 academic years.
...
The National Institute of Standards and Technology (NIST) is a non-regulatory agency of the U.S. Commerce Department. It was established to encourage and assist innovation and science through the promotion and maintenance of a set of industry standards. The NIST 800-53 standards are a comprehensive catalog of cyber security cybersecurity controls and implementation guidelines for information systems. The security controls are segmented into 18 control families that address the operational, technical, and managerial safeguards required to protect the confidentiality, integrity, and availability of information.
...
These policies are applicable to all employees who access Information Technology (IT) Resources owned and/or operated by Fredonia, including Fredonia’s Information Assets, Business Systems, and Information Technology Resources. Any information, not specifically identified as the property of other parties, that is transmitted or stored on Fredonia IT Resources (including e-mail, messages, and files) is the property of Fredonia. All users of IT Resources, including Fredonia employees, contractors, vendors, or others, are responsible for receiving some level of Information security training in accordance with this Policy.
...
The Information Technology Services (ITS) department will generally be the primary implementers of the controls referenced within these policies, however, any employee or affiliate utilizing University regulated data and/or system(s) will need to adhere to the policy requirements. Those employees that administer or manage information systems need to ensure that they fully understand these policies. Please contact the Information Security Office (716) 673-4725 if you have any questions.
...