2 posts tagged with "ir-6"

Updated Security Control Standards

Nick McLarty
Deputy Chief Information Security Officer

Today we released a series of administrative changes to the security control standards. The majority of these changes moved TAMUS Implementation Statement language into organizationally-defined parameters (ODP) within each control, implemented control standards that reflect existing system policy, and assigned an impact baseline for all TAMUS-required controls.

The changes to controls include:

  • AC-2(7): Implementation language moved to AT-3
  • AC-8: Withdrawn TAMUS implementation language
  • AT-2: Added ODP for frequency of training
  • AT-2(2): Implemented insider threat training as part of the system-delivered Information Security Awareness (3001) course
  • AT-2(3): Implemented social engineering and mining training as part of the system-delivered Information Security Awareness (3001) course
  • AT-3: Implemented language moved from AC-2(7) for privileged user role-based training
  • AT-4: Implemented language to address recordkeeping of training delivered via TrainTraq
  • CA-2: Added ODP for frequency of control assessments
  • CA-2(1): Implemented language from 1 TAC 202
  • CM-6: Eliminated language referring to major information systems, relying solely on high-impact systems
  • CP-4: Moved TAMUS implementation language into ODP
  • IA-2(1): Removed TAMUS implementation statement in lieu of DIR having a higher implementation burden
  • IA-5(9): Moved TAMUS implementation language into ODP
  • IR-4: Added references from 29.01.03 to TAMUS implementation statement
  • IR-4(1): Added ODP for automated incident handling process using TAMUS Cyber provided toolsets
  • IR-4(8): Added ODP with references from 29.01.03
  • IR-4(14): Added references from 29.01.03 to TAMUS implementation statement
  • IR-6: Moved TAMUS implementation language into ODP
  • IR-6(1): Added ODP with references from 29.01.03
  • PL-4: Added ODP for frequency of reviewing rules of behavior
  • PL-10: Implemented language to define the control baseline for A&M System information resources
  • PM-5: Added ODP for frequency of updating inventories of information systems
  • PT-3: Moved to SI-12(1)
  • RA-3: Added ODP with references from 29.01.03
  • RA-5(11): Added ODP to designate TAMUS Cyber Operations as central point of contact for public vulnerability disclosures, inheriting authority from 29.01.03
  • SI-5(1): Added ODP for automated reporting with references from 29.01.03
  • SI-12(1): Implemented control moved from PT-3
  • SR-6: Implemented language designating TAMUS Cyber as provider of supplier assessments and reviews

Change to Incident Reporting Process

Nick McLarty
Deputy Chief Information Security Officer

We have made slight modifications to the incident reporting process within the TAMUS ISAO Portal. Please see the updated instructions here: https://cyber.tamus.edu/policy/guidelines/incident-notification/submit-incident/

These changes simplify the steps necessary for members to submit incident reports, eliminate extraneous actions on the back end for TAMUS Cyber, and allow TAMUS Cyber to communicate back and forth with the reporting member directly within the TAMUS ISAO Portal.