Policies
Information Security Program: The Information Security Program at South Texas College is chartered by Policy CS (Local) – Information Security. The policy clearly defines the need to protect our information resources according to their value and administered in conformance with federal and state law. Policy CS also defines that the College is following the Information Security Standards defined in Texas Administrative Code 202. Reference our Information Resources Security Guidelines for more information.
Acceptable Use of Information Resources: This policy sets the expectations for users of information resources. It also includes a list of prohibited uses of College information resources. Reference Policy CR (Local) – Technology Resources for more information.
The following table contains some of the external standards that we are following:
| Standard | Applicable To | Guidance |
|---|---|---|
| TAC 202 Security Control Standards | College-wide | http://dir.texas.gov/View-About-DIR/Information-Security/Pages/Content.aspx?id=2 |
| Texas Department of Information Resources - Covered Applications and Prohibited Technologies | College-wide | https://dir.texas.gov/information-security/covered-applications-and-prohibited-technologies |
| Payment Card Industry Data Security Standard Standard | Systems, networks, and staff that interacts with credit card payments | https://www.pcisecuritystandards.org/document_library |
| NIST SP 800-171 (Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations) | Systems that are storing or transmitting data that is received or shared with the federal government. | https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171r3.pdf |
| Criminal Justice Information Services (CJIS) Security Policy | Systems that are storing or transmitting data from the CJI data. | https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center |
