IT policies and standards are regularly reviewed and updated as needed, in accordance with Development of University Policy (SPG 601.35), the Procedures for Development of University Policy, and the IT Policy Development and Administration Framework.
The IT policies and standards below are currently under revision or development. Drafts, where available, are open for review. Members of the university community are welcome to provide feedback at [email protected].
Policies and Standards Under Review
Vulnerability Management (DS-21)
- The Vulnerability Management (DS-21) standard is being revised to introduce a requirement to implement the enterprise vulnerability management service on UM-owned devices, update vulnerability prioritization, establish an exception process, and refresh guidance. See the revision draft for details (U-M login required).
- TARGET UPDATE: Summer 2026.
Secure Coding and Application Security (DS-18)
- The Secure Coding and Application Security (DS-18) standard is being revised to update and reorganize requirements. See the revision draft for details (U-M login required).
- TARGET UPDATE: Summer 2026.
Recently Updated Policies and Standards
Information Assurance Awareness, Training, and Education (DS-16)
- The Information Assurance Awareness, Training, and Education (DS-16) standard was revised to clarify annual training requirements for faculty, staff, and workforce members. See the revision draft for details (U-M login required).
- UPDATE DATE: October 29, 2025.
Endpoint Security Administration (DS-23)
- The Endpoint Security Administration (DS-23) standard has been revised to include a requirement for information security support. See the revision draft for details (U-M login required).
- UPDATE DATE: November 18, 2025.
Security of Personally Owned Devices that Access or Maintain Sensitive University Data (SPG 601.33)
- Security of Personally Owned Devices that Access or Maintain Sensitive University Data (SPG 601.33) has been revised to align with the recently updated Institutional Data Stewardship Policy (SPG 601.12). See revision draft for details (U-M login required).
- UPDATE DATE: February 16, 2026.