Standards
Information Security Standards
These standards apply to all university-owned information technology devices and resources. They serve as instructional guidance for all types of users, from staff to systems administrators and executive leadership, on how to securely interact with, configure, and connect these devices and resources. While these standards offer guidance, please contact IT-Compliance@umd.edu if additional questions arise.
- Standard for IT Security Roles and Responsibilities (IT-1)
- Data Classification Standard (IT-2)
- Standard for Protecting Sensitive Information (IT-4)
- Security of Information Technology Resources Standard (IT-5)
- Standard on Institutional Email (IT-14)
- Standard for Information Technology Records Investigations (IT-16)
- Interim Standard for IT Security Incident Response (IT-17)
PCI Security Standards
The UMD Cardholder Data Security Standards apply to all UMD network infrastructures and IT elements that are attached to the Cardholder Data Environment and are transmitting or processing cardholder data.
These standards help the university obtain and maintain PCI compliance based on the current version of the PCI DSS (Payment Card Industry Data Security Standard) as required by the banking industry for any business or organization that accepts credit card payments.
- Payment Card Industry Compliance
- Standard for Configuration of Routers and Firewalls on Networks Processing Cardholder Data (IT-6)
- Standard for Vendor Supplied Defaults and Parameters on Networks Processing Cardholder Data (IT-7)
- Standard for Protection of Cardholder Data (IT-8)
- Standard for Encrypted Transmission of Cardholder Data (IT-9)
- Standard for Managing Vulnerabilities within Networks Processing Cardholder Data (IT-10)
- Standard for Access Control on Networks Processing Cardholder Data (IT-11)
- Standard for Monitoring of Networks Processing Cardholder Data (IT-12)
- Standard for Testing of Networks Processing Cardholder Data (IT-13)