Currently, all documents are in PDF format. Adobe Acrobat Reader is required to view them.

Stay up to date on changes to Policies & Best Practices with the
RSS Feed
General
Information Technology Security Strategy
Exception Process
Glossary of Terms
Positions of Authority for Each Campus or Institute
Matrices
Information Technology Security Responsibilities Black & White Color
Establishes and Maintains the Standards Responsibilities
Implementation Responsibilities
Oversight Responsibilities
All Matrices
Best Practices
- Availability Planning and Best Practices:
Last Updated: September 25, 2008
This document outlines the University of Tennessee System security best practices for protecting the availability of computer systems. - Change Management:
Last Updated: March 27, 2009
The intent of this document is to serve as a best practice for implementing a change management program. - Encryption of Stored Data on End User Devices:
Last Updated: March 27, 2009
This document outlines the University of Tennessee’s best practices for securing end-user devices with encryption technology. - Incident Response Process:
Last Updated: September 25, 2008
This Best Practice provides specific information for designing a process for each campus or institute to handle information systems security incidents or suspected information systems security incidents. - Media Sanitization:
Last Updated: September 25, 2008
This document describes guidelines for properly removing information, a process called sanitization, from University of Tennessee IT resources. - Multifunction Devices (Draft):
Last Updated: September 25, 2008
This document outlines the University of Tennessee best practices for securing Multifunction Devices. - Network Access and Termination:
Last Updated: September 25, 2008
This Best Practice outlines processes that can be used for allowing, and if necessary, terminating access to the University of Tennessee network. - Passwords:
Last Updated: September 25, 2008
This document describes guidelines for selecting strong passwords and protecting them from unauthorized disclosure. - Protecting Restricted Information:
Last Updated: September 25, 2008
This document outlines best practices that can be used to guard against the unauthorized disclosure or modification of restricted information. - Secure Desktop and Laptop:
Last Updated: September 25, 2008
This document outlines the University of Tennessee best practices for securing desktop and laptop resources. - Secure Mobile Device:
Last Updated: March 27, 2009
This document outlines the University of Tennessee best practices for securing laptop computers and other mobile computing devices. - Secure Network Infrastructure:
Last Updated: September 25, 2008
This document will provide recommendations on the planning, design, placement, configuration and management of core network infrastructure devices. - Secure Server:
Last Updated: September 25, 2008
This document outlines the University of Tennessee best practices for securing server resources. - All Best Practices:
Last Updated: April 06, 2009
This is a ".zip" file containing ".pdf" versions of the above best practices.
Policies
- Acceptable Use Of Information Technology Resources - Policy No.: IT0110 :
Last Updated: March 11, 2009
This document describes guidelines for using The University of Tennessee's computer and Information Technology Resources. - Information Classification - Policy No.: IT0115 (Draft):
Last Updated: August 21, 2008
This policy defines a framework for categorizing information according to the perceived risk to the university and assigns the responsibility to identify and designate the classification of the information. - Information Classification Form (Draft)
- Computer System Classification - Policy No.: IT0116 (Draft):
Last Updated: August 21, 2008
This document established the framework for categorizing computer systems according to the expected impact to university operations should the system experience an interruption of service. - Secure Network Equipment and Wiring - Policy No.: IT0120 (Draft):
Last Updated: August 21, 2008
This document describes guidelines for creation and maintenance of a secure information systems infrastructure. - All Policies:
Last Updated: March 11, 2009
This is a ".zip" file containing ".pdf" versions of the above policies.
State and Federal Laws and Regulations
Tennessee State Law for Personal Information Breach
Tennessee Computer Crimes Act
Health Insurance Portability and Accountability Act (HIPAA)
The Family Educational Rights and Privacy Act (FERPA)
The Gramm-Leach Bliley Act (GLBA)
Other Regulations
Payment Card Industry (PCI) Compliance
