Rule Administrator: Chief Information Security Officer

8.11 – Social Security (FICA)

University employees, except those with federal appointments or non-resident aliens with tax treaty exceptions, are covered by social security.  Student and graduate student employees who maintain part-time enrollment are generally exempt from Social Security and Medicare tax under the IRS Student Exemption Regulation.  Payment is made by monthly payroll deduction at a rate set by…
Continue reading “8.11 – Social Security (FICA)” »

15.50 – NMSU Institutional Data Security

A. Purpose This Rule provides for the secure management of NMSU institutional data.   B. Rule 1. Definition of Institutional Data Institutional data is defined as all information, documents and other data, regardless of physical form or location that is used, created, received, maintained or held by or on behalf of NMSU in the course…
Continue reading “15.50 – NMSU Institutional Data Security” »

15.51 – NMSU Account Password Requirements

PART 1: PURPOSE To protect the integrity of NMSU IT resources and data, account passwords must be utilized which comply with NMSU IT standards.  This rule specifies the general requirements, and links to the more specific standards required, based on the level of authorized access per user.  Users of any NMSU-authorized account which accesses NMSU…
Continue reading “15.51 – NMSU Account Password Requirements” »

15.52 – Computer Virus Scan Software

A. Purpose To specify the requirements for virus scan software installed on NMSU network-connected desktop/laptop computers and other portable computing devices.   B. Rule Any desktop/laptop computer or other portable computing device connected to NMSU network infrastructure shall have operational antivirus software installed and updated as appropriate. Where appropriate, servers using network infrastructure should have…
Continue reading “15.52 – Computer Virus Scan Software” »

15.53 – NMSU Server Administration and Operation

A. Purpose This Rule addresses servers connected to the NMSU network. It specifies who is eligible for accounts, security maintenance requirements and the Rule for reporting server break-ins.   B. Rule Account eligibility and account maintenance: Account maintenance shall be in accordance with university policies and procedures. In general, computer accounts are limited to NMSU…
Continue reading “15.53 – NMSU Server Administration and Operation” »

15.54 – Computer Operating System Critical Updates

A. Purpose This Rule details the requirements for critical updates to university network-connected computers.   B. Rule All computers using NMSU network infrastructure are required to have all applicable critical updates applied within 10 days of their release. It is the responsibility of the computer owner to ensure that all critical updates are applied to…
Continue reading “15.54 – Computer Operating System Critical Updates” »

15.62 – Protection of Federal Information; FISMA Compliance

PART 1:  PURPOSE Title III of the E-Government Act, entitled the Federal Information Security Management Act (FISMA) requires each federal agency to develop, document, and implement an agency-wide program to provide information security for the information and systems that support the operations and assets of the agency, including those provided or managed by another agency,…
Continue reading “15.62 – Protection of Federal Information; FISMA Compliance” »

15.63 – Protection of Customer Information; GLBA Compliance

PART 1:  PURPOSE As directed by RPM 2.90, Information Data Security, NMSU administration adopts this rule for the purpose of safeguarding the privacy of non-public personal information it may receive pertaining to its students and employees, in compliance with the Gramm-Leach-Bliley Act, as may be amended, and with other applicable regulations (e.g. the Federal Trade…
Continue reading “15.63 – Protection of Customer Information; GLBA Compliance” »

15.64 – Social Security Numbers, Use of

Each applicant must possess a social security card in order to be employed.  If an applicant does not have a social security card or requests the use of a name that is different in any way from the name on the card, it is the responsibility of the applicant to have the matter corrected at…
Continue reading “15.64 – Social Security Numbers, Use of” »

15.71 – Acquisition of Software Systems

A. Purpose This Rule specifies the approval requirements for the purchase of software systems that interact with university data.   B. Rule The acquisition of any software system that interacts with university data or has enterprise-wide impact requires approval by the appropriate university data custodian(s), Procurement Services Office and the university’s central computing department, ICT. …
Continue reading “15.71 – Acquisition of Software Systems” »