Skip to Content

All University of South Carolina system institutions will be closed through the end of the spring semester. Columbia campus virtual instruction will continue through the conclusion of final exams in May. Details can be found on the coronavirus landing page.

Division of Information Technology

Minimum Security Standards

The list of imaginable threats–and possible countermeasures–is limitless. However, resources to address them are not.  The University Information Security Office values practical, evidence-based solutions. The Minimum Security Standards are a result of that practice.

Methodology

Our methodology starts with incidents handled by the Incident Response team. We merge our information with data collected from across Higher Education. Combined, we have an accurate picture of the top threats facing our industry.

We then evaluate safeguards based on effectiveness, cost, and productivity impact. After countless hours of research and consideration, we select the best protection options. Those become Minimum Security Standards.

You should implement the Minimum Security Standards before committing resources to other information security issues. Please note, this is not an exhaustive list of otherwise responsible IT practices. Nor does it absolve you of regulatory or contractual obligations, such as HIPAA, PCI, and some research arrangements. In these cases, you should prove compliance while meeting the Minimum Security Standards.

Apply each standard according to the asset type (e.g. Server vs. Endpoint) and the data classification (e.g. Public vs. Confidential). Unless stated otherwise, units may meet a standard's goal however they see fit. We list options for informational purposes only. The few required technologies or practices allow us to conduct Incident Response and administer the Security Program.


Challenge the conventional. Create the exceptional. No Limits.

©