New Security Standards Now Available

The best way to keep Ohio State’s information systems safe is by working together. That’s why Enterprise Security has released updated versions of Ohio State’s Information Security Standard (ISS) and Information Security Control Requirements (ISCR).

  • Information Security Standards (ISS version 1.2) provide risk management objectives and security controls for all university information systems.
  • Information Security Control Requirements (ISCR version 1.2.1) provide detailed implementation guidance for the security controls outlined in the Information Security Standard.

“The new documents were reviewed by subject matter experts from 25 departments on campus,” said Jim Herbeck, the technical lead for the Information Risk Management Program. “They greatly improve the documents’ quality by providing essential feedback about requirements that may be too vague or too restrictive to be implemented in some environments.”


The new documents can be found in two locations:

  1. The Information Security website, in the right sidebar; and
  2. The Information Risk Management BuckeyeBox folder.

The Information Risk Management BuckeyeBox folder also includes a detailed list of the changes made in ISS version 1.2 and ISCR version 1.2.1. Any university faculty or staff may request access to the Information Risk Management BuckeyeBox folder by emailing


Tagged with: