These university wide policies and standards apply to all FIU affiliates and support the Information Security Office’s work to protect data and systems.
Policies
These policies serve as the foundation for the university's information security office.
Configuration Management Plan
FIU's Enterprise Standard for configuration management reflects the university's responsibility to protect a wide range of information assets, including sensitive data governed by legal and regulatory requirements. To safeguard these assets, the Division of Information Technology (DoIT) has established minimum-security standards for desktops, laptops, mobile devices and other endpoints. These standards help ensure the availability, confidentiality and integrity of critical university data.
FIU's configuration management plan supports this goal by setting clear guidelines for configuring and managing endpoint devices. The plan applies to moderate and high-impact information systems and aligns with NIST Special Publication 800-53 CM-9
The plan covers infrastructure and applications housed in DoIT's Data Center and cloud production environments, as well as non-production environments used for testing and development. It also applies to university workplace devices, including laptops, desktops, smartphones and tablets. This broad scope ensures consistent application of standards across FIU&'s infrastructure and devices, helping protect the university's information systems.