Northeastern University Security Standards
Northeastern University has established a comprehensive framework of security standards designed to protect the institution’s information assets and infrastructure. These standards are directly linked to the Policy on Information Technology System Security (709) and represent the minimum requirements standards laid out by the Office of Information Security. Built upon a carefully selected subset of NIST 800-171 controls, these standards provide specific operational criteria across fourteen critical security domains, from media protection and personnel security to incident response and system integrity.
Northeastern University Media Protection Standard
This standard establishes the minimum media protection criteria to carry out and meet the intent of the directives within Northeastern University’s Information Security Policy. This standard applies to all organizations (e.g., academic entities, entities other than Colleges and Departments, legally separate but wholly owned entities) of NU.
Northeastern University Personnel Security Standard
This standard establishes the minimum personnel security criteria to carry out and meet the intent of the directives within Northeastern University’s Information Security Policy. This standard applies to all organizations (e.g., academic entities, entities other than Colleges and Departments, legally separate but wholly owned entities) of Northeastern University.
Northeastern University Physical Protection Standard
This standard establishes the minimum physical protection criteria to carry out and meet the intent of the directives within Northeastern University’s Information Security Policy. This standard applies to all organizations (e.g., academic entities, entities other than Colleges and Departments, legally separate but wholly owned entities) of Northeastern University.
Northeastern University Risk Assessment Standard
This standard establishes the minimum risk assessment criteria to carry out and meet the intent of the directives within Northeastern University’s Information Security Policy. This standard applies to all organizations (e.g., academic entities, entities other than Colleges and Departments, legally separate but wholly owned entities) of Northeastern University.
Northeastern University Security Assessment Standard
This standard establishes the minimum security assessment criteria to carry out and meet the intent of the directives within Northeastern University’s Information Security Policy. This standard applies to all organizations (e.g., academic entities, entities other than Colleges and Departments, legally separate but wholly owned entities) of Northeastern University.
Northeastern University System and Communications Protection Standard
This standard establishes the minimum system and communications protection criteria to carry out and meet the intent of the directives within Northeastern University’s Information Security Policy. This standard applies to all organizations (e.g., academic entities, entities other than Colleges and Departments, legally separate but wholly owned entities) of Northeastern University.
Northeastern University Identification and Authentication Standard
This standard establishes the minimum identification and authentication criteria to carry out and meet the intent of the directives within Northeastern University’s Information Security Policy. This standard applies to all organizations (e.g., academic entities, entities other than Colleges and Departments, legally separate but wholly owned entities) of Northeastern University.
Northeastern University Incident Response Standard
This standard establishes the minimum incident response criteria to carry out and meet the intent of the directives within Northeastern University’s Information Security Policy. This standard applies to all organizations (e.g., academic entities, entities other than Colleges and Departments, legally separate but wholly owned entities) of Northeastern University.
Northeastern University Access Control Standard
This standard establishes the minimum access control criteria to carry out and meet the intent of the directives within Northeastern University’s Information Security Policy. This standard applies to all organizations (e.g., academic entities, entities other than Colleges and Departments, legally separate but wholly owned entities) of Northeastern University.
Northeastern University Awareness and Training Standard
This standard establishes the minimum awareness and training criteria to carry out and meet the intent of the directives within Northeastern University’s Information Security Policy. This standard applies to all organizations (e.g., academic entities, entities other than Colleges and Departments, legally separate but wholly owned entities) of Northeastern University.
Northeastern University Configuration Management Standard
This standard establishes the minimum configuration management criteria to carry out and meet the intent of the directives within Northeastern University’s Information Security Policy. This standard applies to all organizations (e.g., academic entities, entities other than Colleges and Departments, legally separate but wholly owned entities) of Northeastern University.
Northeastern University Audit and Accountability Standard
This standard establishes the audit and accountability criteria to carry out and meet the intent of the directives within Northeastern University’s Information Security Policy. This standard applies to all organizations (e.g., academic entities, entities other than Colleges and Departments, legally separate but wholly owned entities) of NU.
Northeastern University System and Information Integrity Standard
This standard establishes the minimum system and information integrity criteria to carry out and meet the intent of the directives within Northeastern University’s Information Security Policy. This standard applies to all organizations (e.g., academic entities, entities other than Colleges and Departments, legally separate but wholly owned entities) of NU.
Northeastern University Maintenance Standard
This standard establishes the minimum maintenance criteria to carry out and meet the intent of the directives within Northeastern University’s Information Security Policy. This standard applies to all organizations (e.g., academic entities, entities other than Colleges and Departments, legally separate but wholly owned entities) of NU.