Introduction

The University of Montana is committed to the development and implementation of comprehensive IT policies and standards, guided by the NIST Cybersecurity Framework (CSF), to safeguard our computer systems, networks, and information resources. Our policies and standards encompass aspects of IT usage within our academic, research, and administrative environments, emphasizing the protection of digital information assets and the responsible management of technology resources.

The UM Information Security Office oversees the development of UM’s IT policies and standards. These are designed to support and enhance the University’s educational, research, and business missions, ensuring the security, usability, and availability of our IT resources.

In 2023, at the direction of the AVP/CIO of Information Technology, UM began redeveloping IT policies and standards under a new framework based on NIST CSF.   For questions about this process, please contact the Information Security Office, attn Chief Information Security Officer.

UM IT POLICY AND STANDARDS FRAMEWORK

  • UM Acceptable Use of Technology Resources Policy

  • UM Data Governance Policy

    • UM Data Classification and Stewardship Standard

    • UM Data Security Standard

    • UM General Record Retention Schedule

    • UM Data Retention Standard

    • UM Data Disposal and Media Sanitization Standard

  • UM IT Governance Policy

    • UM Information Security Advisory Council

  • UM IT Security Policy

    • UM Information Security Program

    • UM Vulnerability Management Standard

    • UM Web Application Security Standard

    • UM Electronic Communications Standard

    • UM Network Security Standard

    • UM Information Systems User Security Standard

    • UM Account Security Standard

    • UM Clean Desk Clear Screen Standard

    • UM Cloud Computing Security Standard

    • UM IT Asset Management Standard

    • UM Endpoint Management and Protection Standard

    • UM Identity and Access Management Standard

    • UM Dormant Account and Audit Standard

    • UM Logon Notification Banner Standard

    • UM Identity Verification and Proofing Standard

  • UM IT Procurement Policy

    • UM IT Purchasing Procedure
    • UM IT Vendor Risk Management Standard

  • UM IT Risk and Compliance Management Policy

  • UM IT Incident Response Policy

    • UM IT Disaster Recovery Standard
    • UM IT Incident Response Standard

UM IT Secure Documentation Access

For enhanced security and protection of sensitive information, the following IT documents are securely housed within an internal SharePoint site managed by the UM IT department:

  • Information Security Plan
  • IT Incident Response Plan
  • IT Disaster Recovery/Business Continuity Plan

If you require access or have queries related to these documents, contact the UM IT Information Security office via email: InfoSec@umontana.edu.

Previously published policies, standards, and guidelines

UM IT Policies
MUS Information Technology Policy - Section 1300
Electronic and Information Technology Accessibility
 Domain names
Telecommunications infrastructure
Student web space
Web servers
Web standards

UM Information Security Awareness
Policy | Training Procedures

UM Assigned Administrative Privileges
Standards