SKIP TO PAGE CONTENT

SA-1 System and Services Acquisition Policy and Procedures

Last Review: 10/1/22

Overview

The West Texas A&M Information Security Controls Catalog establishes the minimum standards and controls for University information security in accordance with the state's Information Security Standards for Institutions of Higher Education found in Title 1, Chapter 202, Texas Administrative Code (TAC 202).

Purpose

To develop, document, review, update, and disseminate a system and services acquisition policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and develop the procedures to facilitate the implementation of the system and services acquisition policy and associated system and services acquisition controls.

Scope

The scope of these regulations and procedures are applicable to all information resources owned or operated by WTAMU. All users are responsible for adhering to this policy. If needed or appropriate, information regarding roles, responsibilities, management commitment, and coordination among organizational entities are embedded within these procedures.

Regulations and Procedures

The State of Texas Department of Information Resources (DIR) has chosen to adopt a select number of Security Planning Controls as established within the NIST SP 800-53 control family guidelines identified by the DIR Security Control Standards Catalog. This set of controls shall be implemented to ensure proper management of the acquisition of systems.  This will help to ensure that systems are compliant with University information security standards and are compatible with current information resources.

Phone
Twitter
Facebook
Instagram
Mail