Policy (open access)
The CIO, by virtue of Board of Regents Policy 11, directs that the level of security controls implemented on a server should be relative and proportionate to the level of risk associated with the server. This level of risk may be attributed to multiple factors such as network topology, services and resources offered, type of information managed, and government mandated privacy protection policies including, but not limited to: HIPAA, PCI-DSS, and FERPA.
Vice President of Information Technology
"Security Standards for Information Systems - IT-3610-00" (2012). Information Technology Services. 16.