Updates to Information Security Standard (ISS) And Information Security Control Requirements (ISCR)

An ongoing challenge to managing information security at Ohio State is making sure university organizations comply with federal and state regulations regarding privacy and security. That’s why Enterprise Security has released updated versions of Ohio State’s Information Security Standard (ISS) and Information Security Control Requirements (ISCR):

  • The Information Security Standard (ISS version 1.4) provides risk management objectives and security controls for all university information systems.
  • The Information Security Control Requirements (ISCR version 1.4.1) provide detailed implementation guidance for the security controls outlined in the Information Security Standard.

The updated documents include additional controls and requirements that align our Information Risk Management Program with the federal government's new rules for protecting Controlled Unclassified Information (CUI) as described in NIST Special Publication 800-171. Being able to comply with 800-171 and the new CUI regulations will become increasingly important for Ohio State’s research community, as government-funded research contracts are increasingly requiring researchers to protect their data. 

The documents were reviewed by over 100 subject matter experts from 29 university departments. We greatly appreciate this level of participation and consider it an indication of the commitment our campus community has to improving information security at Ohio State.

The updated documents can be found on Enterprise Security’s new website, or via the shortened URLs listed below.

Faculty and staff can also access additional information about Ohio State's information security documents in the Information Risk Management BuckeyeBox folder. Any university faculty or staff may request access to the Information Risk Management BuckeyeBox folder by emailing riskmgmt@osu.edu.