Annual IT Security Report

The following procedures are required for people who have been granted Administrative Authority over CEHD computers.

 

  1. Verify Technology Services has an accurate list of computers for which you have Administrative Authority.  (If you replace or turn in a computer during the year, you should notify Arlen Strader so this list can be kept up to date.)
  2. Provide an up-to-date security plan for your systems.  A template is provided on the Administrative Authority Request page.
  3. Complete the spreadsheet with the NIST security questions for your systems. (Spreadsheet available on the Administrative Authority Request page.)
    1. As much as possible, any deficiencies should be corrected so the questions can be marked as "Implemented." 
    2. The template includes a few answers of "Not Applicable."  If there are additional questions you believe should be "Not Applicable," provide explanation in the notes.
    3. For any question you cannot mark as "Implemented," you must either provide a plan for correcting the problem or request that Dr. Alexander accept the risk for not fully implementing the requirement.  You should include an explanation to Dr. Alexander as to why you have not yet implemented the requirement or why she should accept the risk.
  4. Send your security plan (in Word) and your answers (in Excel) to Arlen Strader by March 1 of each year.
  5. Your documents will be reviewed and feedback will be requested for any unclear or missing information.
  6. Any questions marked as "Accept Risk" or not Implemented will be compiled and sent to Dr. Alexander to approve or reject.  If rejected, the documents will be returned to you to make necessary changes.
  7. Once approved, you will be notified and you will be expected to follow your security plan.  If something needs to change in your security plan before next year's reporting period, you are required to submit the new plan for approval. (E.g., you reported you do not store Confidential data on the computer, but you find that you do need to store such data.)

Direct any inquiries regarding the technical aspects of this report to Arlen Strader (strader@tamu.edu).