黑料社区

Skip Navigation
University of Maryland Global Campus University of Maryland Global Campus
  • Locations
    • U.S. Locations
    • Learn Online
  • Get Help
    • Find Answers
    • Chat Now
    • Email Us
  • 855-655-8682
  • Current Students
Login
Request Info
  • Leadership & Governance
    Leadership & Governance
    • Office of the President
    • Strategic Plan
    • Boards and Committees
    • Executive Committee
    • Maryland Cybersecurity Council
    • Shared Governance
    • Academic Advisory Board
    • Adjunct Faculty Association
    • Student Advisory Council
    Related Links
    • Awards and Recognition
    • Mission and History
    • Regional Accreditation
    • University System of Maryland Membership
  • Arts
    Arts
    • Arts Program
    • Art Exhibitions
    • Art Collections
    • Art Talks
    • Art Galleries and Hours
    • UMGC TV
  • Policies & Reporting
    Policies & Reporting
    • Institutional Data
    • Facts at a Glance
    • Fact Book and Fact Sheet Archive
    • Policies
    • Academic Affairs Policies
    • Administration Policies
    • External Relations Policies
    • Faculty Policies
    • Fiscal and Business Affairs Policies
    • General Policies
    • Human Resources Policies
    • Info Governance, Security & Technology Policies
    • Research Policies
    • Student Affairs Policies
    • Fair Practices
    • Sexual Misconduct (Title IX)
    • Suspected Child Abuse and Neglect
  • Jobs At t 黑料社区
    Jobs At t 黑料社区
    • New Hire Orientation
    • New Hire Onboarding
    • Benefits Enrollment Information
    • Retirement Enrollment Information
  • UMGC Blog
  • UMGC Podcast
    • U.S. Locations
    • Learn Online
    • Find Answers
    • Chat Now
    • Email Us
  • 855-655-8682
  • Current Students
Request Info
Skip to Menu Toggle Button

UMGC Policy X-1.21 UMGC Policy on Information System and Communication Protection

  1. University of Maryland Global Campus
  2. Administration
  3. Policies & Reporting
  4. Policies
  5. Info Governance, Security, & Technology Policies
  6. Information System and Communication Protection

EXPLORE MORE OF UMGC

  • Administration
    • Policies & Reporting
      • Policies
        • Info Governance, Security, & Technology Policies
Policy CategoryPolicy OwnerVersion Effective DateReview CycleLast ReviewedPolicy Contact
X. Information Governance, Security & TechnologySVP, General Counsel, and Chief People OfficerJune 11, 2025Every 2 yearsJune 11, 2025Information Governance
  1. Purpose
    The purpose of this Policy is to establish information security standards of identification, management, and control of all University of Maryland Global Campus Information Technology Resources that store or transit Personally Identifiable Information (PII), Controlled Unclassified Information (CUI), or other forms of High Risk Data.
  2. Scope and Applicability
    This Policy applies to all University Information Systems and Information Technology Resources. All Users are responsible for adhering to this Policy.
  3. Definitions
    Defined terms are capitalized throughout this Policy and can be found in the Information Governance Glossary.
  4. Information System and Communications Protection
    Information System Stewards or their designee must adhere to this Policy to ensure active identification, management, and control of all University Information Technology Resources that store or transit Personally Identifiable Information (PII), Controlled Unclassified Information (CUI), and other forms of High Risk Data to include:
    1. Monitoring, controlling, and protecting University communications (i.e., Information transmitted or received by University Information Systems) at the external boundaries and key internal boundaries of the Information Systems.
      1. Information System boundary components include, but are not limited to:
        1. gateways,
        2. routers,
        3. firewalls, or
        4. encrypted tunnels.
      2. Restricting or prohibiting interfaces in organizational systems includes, but is not limited to, prohibiting external traffic that appears to be spoofing internal addresses.
    2. Employing architectural designs, software development techniques, and systems engineering principles that promote effective Information security within organizational systems.
    3. Separating User functionality from Information System management functionality.
    4. Preventing unauthorized and unintended Information transfer via shared Information Technology Resources. Verifying that no shared system resource such as cache memory, hard disks, registers, or main memory should be able to pass information from one user to another user.
    5. Implementing subnetworks for publicly accessible system components that are physically or logically separated from internal networks.
    6. Denying network communications traffic by default and allowing network communications traffic by exception (i.e., deny all, permit by exception).
    7. Preventing remote devices from simultaneously establishing non-remote connections with University Information Technology Systems and communicating via some other connection to resources in external networks (i.e., split tunneling).
    8. Implementing cryptographic mechanisms to prevent unauthorized disclosure of High Risk Data during transmission unless otherwise protected by alternative physical safeguards.
    9. Terminating network connections associated with communications sessions at the end of the sessions or after a defined period of inactivity. This includes, but is not limited to, deallocating (stopping) TCP/IP addresses or port pairs at the operating system level, and/or deallocating networking assignments at the application system level if multiple application sessions are using a single, operating system-level network connection.
    10. Establishing and managing cryptographic keys for cryptography employed in University Information Technology Systems to include developing processes and technical mechanisms to protect the cryptographic key's confidentiality, authenticity, and authorized use in accordance with industry standards and regulations.
    11. Employing FIPS-validated cryptography when used to protect the confidentiality of High Risk Data.
    12. Prohibiting remote activation of Collaborative Computing Devices and providing indication of devices in use to users present at the device.
    13. Controlling and monitoring the use of mobile code to include ensuring that mobile code such as Java, ActiveX, Flash is authorized to execute on the network in accordance with the University's policy and technical configuration, and unauthorized mobile code is not.
    14. Controlling and monitoring the use of Voice over Internet Protocol (VoIP) technologies.
    15. Protecting the Authenticity of communications sessions.
    16. Protecting the Confidentiality of High Risk Data at rest.
    17. Implementing a policy restricting the publication of High Risk Data on non-UMGC owned, publicly accessible websites (e.g., forums, LinkedIn, Facebook, Twitter).
  5. Exceptions
    Exceptions to this policy should be submitted to Information Security for review and approval. If an exception is requested a compensating control or safeguard should be documented and approved.
  6. Enforcement
    1. Any Employee, Contractor, or third-party performing duties on behalf of the University with knowledge of an alleged violation of this Policy shall notify Information Security as soon as practicable.
    2. Any Employee, Contractor, or other third-party performing duties on behalf of the University who violates this Policy may be denied access to Information Technology Resources and may be subject to disciplinary action, up to and including termination of employment or contract or pursuit of legal action.
  7. Standards References
    1. Most recent versions:
      1. USM IT Security Standards
      2. NIST SP 800-171 鈥淧rotecting Controlled Unclassified Information in Nonfederal Systems and Organizations鈥
      3. Cybersecurity Maturity Model Certification (CMMC)
  8. Related Policies
    1. UMGC Social Media Guidelines
    2. UMGC Policy X-1.02 Data Classification
    3. UMGC Policy X-1.04 Information Security
    4. UMGC Policy X-1.05 Information Security Awareness and Training
    5. UMGC Policy X-1.06 Information Security Incident Response
    6. UMGC Policy X-1.07 Audit and Accountability
    7. UMGC Policy X-1.08 IT Resource Configuration Management
    8. UMGC Policy X-1.12 Acceptable Use
    9. UMGC Policy X-1.14 Media Protection
    10. UMGC Policy X-1.15 Maintenance of Information Systems and Technology Resources
    11. UMGC Policy X-1.22 System and Information Integrity
Request Info
Quick Links
  • Academic Calendar
  • Submit Transcripts
  • Request Transcripts
  • Events
  • News
  • Administration
  • FERPA
UMGC For
  • Prospective Students
  • Military & Veterans
  • Current Students
  • Partners
  • Media
Contact Us

855-655-8682
Help Center
More Contact Options
Social Links

Mailing Address
No classes or services at this location
3501 University Blvd. East,
Adelphi, MD 20783

  • Academic Calendar
  • Submit Transcripts
  • Request Transcripts
  • Events
  • News
  • Administration
  • FERPA
  • Prospective Students
  • Military & Veterans
  • Current Students
  • Partners
  • Media

855-655-8682
Help Center
More Contact Options
Social Links

Mailing Address
No classes or services at this location
3501 University Blvd. East,
Adelphi, MD 20783

University of Maryland Global Campus
UMGC is a proud member of the University System of Maryland.
Accessibility Terms & Conditions Consumer Disclosures & Policies Privacy Policy Social Media Guidelines Media Protection Title IX/Sexual Misconduct Report Fraud, Waste & Abuse Sitemap
The appearance of U.S. Department of Defense visual information does not imply or constitute DOD endorsement.
Copyright 漏 2025 University of Maryland Global Campus. All Rights Reserved.

By using our website you agree to our use of cookies. Learn more about how we use cookies by reading our聽Privacy Policy.

|