OVERVIEW:
Oakland University (OU) is committed to maintaining a high level of community trust by implementing security and compliance initiatives in a manner consistent with all laws, regulations, and industry practices.
As a large public research institution, OU is accountable for a wide range of diverse security and compliance objectives that are composed of technical and non-technical aspects.
In some instances these efforts apply institution wide, while others are tightly focused and only apply to certain projects / functional areas.
The purpose of this KB is to promote awareness of the various security and compliance initiatives University Technology Services (UTS) manages / tracks, along with the available methodology and tools that apply.
COMMON TERMINOLOGY & APPLICATION:
UTS may refer to various compliance and security based acronyms when discussing technology solutions.
The information below is intended to clarify commonly used terms; however, it is not comprehensive, and each area is responsible for identifying the standards that are applicable to its operations.
- ADA: The Americans with Disabilities Act (ADA) is a civil rights law that prevents discrimination against individuals with disabilities in all areas of public life, including jobs, schools, transportation, and all public and private places that are open to the general public.
  - ADA is an extremely broad act; within the technology realm it typically applies to ensuring electronic content is accessible to all individuals, for example those with visual impairments.
- FERPA: The Family Educational Rights and Privacy Act (FERPA) is a federal law that affords parents the right to have access to their children’s education records, the right to seek to have the records amended, and the right to have some control over the disclosure of personally identifiable information from the education records. When a student turns 18 years old, or enters a postsecondary institution at any age, the rights under FERPA transfer from the parents to the student (“eligible student”).
  - Broadly speaking, most University records are governed by FERPA.
- GLBA: The Gramm Leach Bliley Act (GLBA) is a law that applies to how higher education institutions collect, store, and use student financial records (e.g., records regarding tuition payments and/or financial aid) containing personally identifiable information. This law applies to systems or areas on campus that are involved in the processing of student financial information.
  - Applies when systems or areas on campus are involved in the processing of student financial information.
- NIST: Publications in the National Institute of Standards and Technology’s (NIST) Special Publication (SP) 800 series consist of guidelines, recommendations, technical specifications, and annual reports of NIST’s cybersecurity activities.
  - Compliance with NIST standards is required for systems involved with the processing of certain federal information such as financial aid; however, the University has adopted the NIST 800 Series as a security standard for all systems. The NIST 800 series is comprised of hundreds of documents, but those commonly used by the University pertain to Risk Assessment (800-30), Security & Privacy Controls (800-53), HIPAA (800-66), and Auditing (800-171).
TOOLS:
At their core, all security related standards share a common foundation of best practices, which means there are often many paths to achieving compliance. For example, a single configuration may satisfy requirements from multiple, diverse standards. While there is no "one size fits all" approach to performing risk management and security compliance, UTS has compiled a catalog of tools that are tailored to addressing specific objectives.
UTS will work collaboratively with you to utilize the following tools to achieve your desired goal. However, we encourage you to explore the portfolio and familiarize yourself with the tools.