Search19 Results

To designate the privacy and security officials for the University of North Carolina at Chapel Hill (the “UNC-Chapel Hill”) in accordance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA), as amended by the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH), and all regulations promulgated thereunder (hereinafter collectively referred to as “HIPAA”).

This standard sets a minimum baseline for managing vulnerabilities on any UNC-Chapel Hill system required by the UNC-Chapel Hill Information Security Controls Standard to be scanned for vulnerabilities. Please see the “Exceptions” section for phased implementation through 2026.

This Standard defines the minimum security standards “MSS” for Information Technology systems in use at UNC-Chapel Hill including personal and University-owned devices and third-party systems. Units within the University may apply stricter controls to protect information and technology in their areas of responsibility. The standard applies to each person in the University community and their devices. Please see the “Exceptions” section for phased implementation options through 2027.

Applying only to the ITS unit itself, defines how changes to IT systems are managed. Supports security and customer experience through appropriate IT Change Management practice.

Protected Health Information (PHI) and Sensitive Information (SI) that is transmitted or received on behalf of the University of North Carolina at Chapel Hill by any Constituent must be encrypted in accordance with this Standard, which details required minimum encryption standards for University Tier 2 and Tier 3 information. Particular transmissions may require a heightened encryption requirement or consideration of additional legal or policy requirements.

Failure to protect information through the use of strong passwords/pass-phrases and additional authentication methods may result in incidents that expose sensitive information and/or impact mission-critical UNC-Chapel Hill services. This Standard outlines minimum requirements for authentication mechanisms for information systems under the University's control and password strength and other requirements for accounts on University systems and accounts that use University data.

To guide University Constituents in preserving the integrity, confidentiality, and availability of University information and information systems. Access controls are intended to minimize inappropriate exposure of University information by limiting system access to authorized individuals.

This document describes who at the University of North Carolina at Chapel Hill appoints Information Security Liaisons and what those Information Security Liaisons do.

To describe minimum requirements for members of the University of North Carolina at Chapel Hill ("University" or "UNC-Chapel Hill") experiencing a concern that might indicate a Possible Information Security Incident. To specify Information Security Incident authority and role requirements for Information Security Incident Handlers and Information Security Liaisons.

The University's Information Security Office is working to make the Information Security Program more consistent and clear. This Standard provides definitions that will apply to all Information Security Policies, Standards, and Procedures as they are updated to refer to it.

To provide guidance for individuals and units on responsibilities for managing suppliers of Information Technology (IT) services, software, and systems. To manage risk to university information and other assets by creating clearer communication and understanding between vendors and University staff. To define required security controls monitoring activities.

The Onyen ("Only Name You'll Ever Need") is a unique identifier given to everyone affiliated with the University. The Onyen gives each person secure access to electronic resources and proves their identity if they follow this policy.

Information Technology (IT) change management increases awareness and understanding of proposed IT changes. IT change management ensures that we make IT changes in a way that is better for IT systems, services, and the people who use them.

The University of North Carolina at Chapel Hill (“University”) has a strong interest in the integrity, confidentiality, and availability of University information and systems. Access controls protect University information by only allowing authorized people to access systems. Following this policy minimizes risk to the University resulting from unauthorized use of resources. Access control at the University happens through procedures and standards that follow this policy.

All members of the University community who engage with any University information technology (including wireless or other networks) must adhere to this Acceptable Use Policy.