Description
Applicability
-
This control applies to the university Chief Information Security Officer (CISO).
Implementation
-
1
The university CISO, in coordination with Information Resource owners, shall develop, document, and disseminate to units a set of controls that addresses the System Maintenance of information resources. These controls should include purpose, scope, roles, responsibilities, management commitment, coordination among university entities, and compliance.
-
2
The CISO shall review and update the System Maintenance controls as necessary.