Northeastern University Security Standards
Northeastern University has established a comprehensive framework of security standards designed to protect the institution’s information assets and infrastructure. These standards are directly linked to the Policy on Information Technology System Security (709) and represent the minimum requirements laid out by the Office of Information Security. Built upon a carefully selected subset of NIST 800-171 controls, these standards provide specific operational criteria across fourteen critical security domains, from media protection and personnel security to incident response and system integrity.
Northeastern University Media Protection Standard
This standard establishes the minimum media protection criteria to carry out and meet the intent of the directives within Northeastern University’s Information Security Policy. This standard applies to all organizations (e.g., academic entities, entities other than Colleges and Departments, legally separate but wholly owned entities) of NU.
Northeastern University Personnel Security Standard
This standard establishes the minimum personnel security criteria to carry out and meet the intent of the directives within Northeastern University’s Information Security Policy. This standard applies to all organizations (e.g., academic entities, entities other than Colleges and Departments, legally separate but wholly owned entities) of Northeastern University.
Northeastern University Physical Protection Standard
This standard establishes the minimum physical protection criteria to carry out and meet the intent of the directives within Northeastern University’s Information Security Policy. This standard applies to all organizations (e.g., academic entities, entities other than Colleges and Departments, legally separate but wholly owned entities) of Northeastern University.
Northeastern University Risk Assessment Standard
This standard establishes the minimum risk assessment criteria to carry out and meet the intent of the directives within Northeastern University’s Information Security Policy. This standard applies to all organizations (e.g., academic entities, entities other than Colleges and Departments, legally separate but wholly owned entities) of Northeastern University.
Northeastern University Security Assessment Standard
This standard establishes the minimum security assessment criteria to carry out and meet the intent of the directives within Northeastern University’s Information Security Policy. This standard applies to all organizations (e.g., academic entities, entities other than Colleges and Departments, legally separate but wholly owned entities) of Northeastern University.
Northeastern University System and Communications Protection Standard
This standard establishes the minimum system and communications protection criteria to carry out and meet the intent of the directives within Northeastern University’s Information Security Policy. This standard applies to all organizations (e.g., academic entities, entities other than Colleges and Departments, legally separate but wholly owned entities) of Northeastern University.
Northeastern University Identification and Authentication Standard
This standard establishes the minimum identification and authentication criteria to carry out and meet the intent of the directives within Northeastern University’s Information Security Policy. This standard applies to all organizations (e.g., academic entities, entities other than Colleges and Departments, legally separate but wholly owned entities) of Northeastern University.
Northeastern University Incident Response Standard
This standard establishes the minimum incident response criteria to carry out and meet the intent of the directives within Northeastern University’s Information Security Policy. This standard applies to all organizations (e.g., academic entities, entities other than Colleges and Departments, legally separate but wholly owned entities) of Northeastern University.
Northeastern University Access Control Standard
This standard establishes the minimum access control criteria to carry out and meet the intent of the directives within Northeastern University’s Information Security Policy. This standard applies to all organizations (e.g., academic entities, entities other than Colleges and Departments, legally separate but wholly owned entities) of Northeastern University.
Northeastern University Awareness and Training Standard
This standard establishes the minimum awareness and training criteria to carry out and meet the intent of the directives within Northeastern University’s Information Security Policy. This standard applies to all organizations (e.g., academic entities, entities other than Colleges and Departments, legally separate but wholly owned entities) of Northeastern University.
Northeastern University Configuration Management Standard
This standard establishes the minimum configuration management criteria to carry out and meet the intent of the directives within Northeastern University’s Information Security Policy. This standard applies to all organizations (e.g., academic entities, entities other than Colleges and Departments, legally separate but wholly owned entities) of Northeastern University.
Northeastern University Audit and Accountability Standard
This standard establishes the audit and accountability criteria to carry out and meet the intent of the directives within Northeastern University’s Information Security Policy. This standard applies to all organizations (e.g., academic entities, entities other than Colleges and Departments, legally separate but wholly owned entities) of Northeastern University.
Northeastern University System and Information Integrity Standard
This standard establishes the minimum system and information integrity criteria to carry out and meet the intent of the directives within Northeastern University’s Information Security Policy. This standard applies to all organizations (e.g., academic entities, entities other than Colleges and Departments, legally separate but wholly owned entities) of Northeastern University.
Northeastern University Maintenance Standard
This standard establishes the minimum system and information integrity criteria to carry out and meet the intent of the directives within Northeastern University’s Information Security Policy. This standard applies to all organizations (e.g., academic entities, entities other than Colleges and Departments, legally separate but wholly owned entities) of Northeastern University.
Northeastern University PCI DSS SAQ A Information Security Standard
This Payment Card Industry Data Security Standard establishes requirements for Northeastern University to maintain PCI DSS Self-Assessment Questionnaire A (SAQ A) compliance for card-not-present transactions where all payment processing is fully outsourced to PCI DSS compliant third-party service providers.
Northeastern University Systems and Software Development Life Cycle Standard
The purpose of this Software Development Life Cycle Standard is to describe the minimum requirements for ensuring systems and software security engineering principles are applied to systems and applications processing, storing, or transmitting Northeastern University data. The SDLC is designed to support the development of trustworthy, secure, and resilient systems and software across the full development lifecycle. Additionally, this standard seeks to support compliance with all applicable regulatory, statutory, federal, and/or state guidelines.