Description

The university develops, disseminates, and periodically reviews/updates formal, documented policies and standards to facilitate information security. Control baselines are predefined sets of controls specifically assembled to address the protection needs of the university. The Texas A&M Information Security Controls Catalog represents the baseline to satisfy mandates imposed by the State of Texas and/or the Texas A&M University System. Baselines represent a starting point for the protection of individuals’ privacy, information, and information systems with subsequent tailoring actions to manage risk in accordance with mission, business, or other constraints.

Applicability

  • This control applies to the University Chief Information Security Officer (CISO).

Implementation

  • 1

    The default baseline for an information resource shall be the controls contained in the Texas A&M Information Security Controls Catalog.

    • 1.1

      The Texas A&M Information Security Controls Catalog will include the requirements in the Security Control Standards Catalog developed by the Texas Department of Information Resources, and those Controls developed by the Texas A&M University System.

  • 2

    The Chief Information Security Officer may employ standards for the cost-effective information security of information, information resources, and applications within or under the supervision of the University that are more stringent than the standards the Texas Department of Information Resources prescribes under this section if the more stringent standards:

    • 2.1

      Contain at least the applicable standards issued by the Texas Department of Information Resources; and or

    • 2.2

      Are consistent with applicable federal law, policies, and guidelines issued under state rule, industry standards, best practices, or deemed necessary to adequately protect the information held by the University.