Revised System Regulation 29.01.03
A revised System Regulation 29.01.03, Information Security, was released today. This revision:
- adds or clarifies language to reflect the reorganization of the Security Operations Center (SOC) to Texas A&M University System Cybersecurity,
- clarifies the purpose of the Texas A&M System Security Control Standards Catalog and eliminates duplicative or redundant reference to the Texas DIR Security Control Standards Catalog,
- adds supporting language that references system requirements to Texas statute or administrative rule,
- establishes a required frequency for performing risk assessments based on the impact of the system being assessed,
- moves detailed guidance for data center consolidation to the A&M System Security Control Standards Catalog, and
- eliminates guidance for member CIO approval of commodity IT services
The revised regulation is available at https://policies.tamus.edu/29-01-03.pdf.