CA-1 Security Assessment and Authorization Policy and Procedures
Overview
The West Texas A&M Information Security Controls Catalog establishes the minimum standards and controls for University information security in accordance with the state's Information Security Standards for Institutions of Higher Education found in Title 1, Chapter 202, Texas Administrative Code (TAC 202).
Purpose
This document establishes information security assessment and authorization regulations and procedures. The purpose of these regulations and procedures is to manage risks that may impact West Texas A&M University from inadequate security assessment, authorization, and continuous monitoring of university information assets through the establishment of an effective security planning program.
Scope
These regulations and procedures apply to all information resources owned or operated by WTAMU. All users are responsible for adhering to this policy. If needed or appropriate, information regarding roles, responsibilities, management commitment, and coordination among organizational entities is embedded within these procedures.
Regulations and Procedures
The State of Texas Department of Information Resources (DIR) has chosen to adopt a select number of Security Assessment and Authorization Controls as established within the NIST SP 800-53 control family guidelines identified by the DIR Security Control Standards Catalog.
WTAMU shall develop, adopt or adhere to a formal, documented security assessment and authorization procedure that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance.
The information security office will maintain regulations and procedures for assessment and authorization that address purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance.