Policies, Guidelines, Standards, and Regulations

Policies

All users of UNTHSC information resources are bound by the policies of UNTHSC and the UNT System.

• HSC Information Security Policy
• HSC Acceptable Use of Electronic Communications Policy
• ITSS Information Security Handbook

Standards and Guidelines

These standards represent the minimum controls necessary for business operations to maintain regulatory compliance standards and ethical business practices.

• Minimum Security Standards for Mission Critical Information Resources
• Minimum Security Standards for Systems
• Minimum Security Standards for Systems with HIPAA Data
• Minimum Security Standards for Application Development and Administration
  • ​Secure Web Application Coding Guidelines
• Minimum Security Standards for Merchant Payment Card Processing
• Minimum Security Standards for Data Stewardship
• Contracts/IT or Software Purchases
• Data Security/Information Ownership
• Data Encryption Guidelines
  • Approved encryption standards for handhelds
• Multi-factor Authentication Standards
• Travel Guidelines
• Export Controls

Laws

The laws listed here represent only a subset of the legal landscape governing the use of information resources, but are fairly representative of the standards on which our policies and guidelines are built.

• TAC 202
• HIPAA
• FERPA
• EXPORT CONTROL LAWS

Frameworks

• NIST 800-53
• NIST 800-171
• Texas Cyber Security Framework