Skip to main content

JSU CYBER AWARENESS

SECURITY AWARENESS POLICY

 

Abstract: 
JSU must protect and control access to the sensitive Data it creates, collects, stores and process in paper, and electronic  formats in accordance with all applicable federal and state laws and university policies.

Policy Number: 50000.044/ CMMC AT.2.056
Effective Date: 2/2/2023
Review/Revised Date: 3/2/2023
Category: Information Technology
Policy Owner: CIO/Information Technology
Policy Contact: CISO/Information Technology

 

Policy Statement

Jackson State University’s (“JSU” or “University”) Division of Information Technology’s (“DIT”) intention for publishing a Security Awareness policy for CUI data to bring awareness to risks associated with use and access to systems with CUI data.

 

Purpose

The purpose of this policy is to implement policies and procedures for granting access to Controlled Unclassified Information (CUI).

 

Scope

This policy applies to all organization workforce members and all systems, network, and applications that process, store or transmit CUI. This policy also applies to all vendors, partners, researchers and contractors.

 

Responsibilities

The Chief Information Security Officer is responsible for ensuring the implementation of this policy.

Definitions

    • Controlled Unclassified Information (CUI) – is information that requires safeguarding or dissemination controls pursuant to and consistent with applicable law, regulations, and government-wide policies but is not classified.

 

Policy

All environments involved with CUI must comply fully with the NIST 800-171 standards (either directly or through compensating controls. Jackson State University and its employees, vendors, and contractors will implement the following:

 

Security Awareness Training

  • 1.1 Ensure that managers, systems administrators, and users of organizational systems are made aware of the security risks associated with their activities and of the applicable policies, standards, and procedures related to the security of those systems by:
    1. Creating and providing customized basic Security Awareness Training for all JSU employees, risk based Security Awareness Training for employees handling CUI data, and Role based Security Awareness Training on an annual basis or as needed for new hires, or when required by information system changes.
    2. Provide all learners with the means to provide feedback of the training
    3. Generate reports and documentation for training(s) and training content.

 

 

Sanctions/Compliance

Failure to comply with this or any other security policy will result in disciplinary actions as per the Sanction Policy.  Legal actions also may be taken for violations of applicable regulations and laws.

 

Related Standards, Policies, and Processes

Security Awareness Training

  • Information security awareness, education, and training
  • Controls against malware

 Role-Based Security Training

  • Information security awareness, education, and training

 

JSU CYBER AWARENESS

Location

1400 John R. Lynch Street
Student Center
Jackson, MS 39217-0280

Phone: 601.979.2241