IT policies and standards are regularly reviewed and updated as needed, in accordance with Development of University Policy (SPG 601.35), the Procedures for Development of University Policy, and the IT Policy Development and Administration Framework.
The IT policies and standards below are currently under revision or development. Drafts, where available, are open for review. Members of the university community are welcome to provide feedback at [email protected].
Policies and Standards Under Review
Secure Coding and Application Security (DS-18)
- The Secure Coding and Application Security (DS-18) standard is being revised to update and reorganize requirements. See the revision draft for details (U-M login required).
- TARGET UPDATE: Summer 2026.
Recently Updated Policies and Standards
Vulnerability Management (DS-21)
- The Vulnerability Management (DS-21) standard was revised to introduce a requirement to implement the enterprise vulnerability management service on UM-owned devices, update vulnerability prioritization, establish an exception process, and refresh guidance. See the revision draft for details (U-M login required).
- UPDATE DATE: July 1, 2026.
Security of Personally Owned Devices that Access or Maintain Sensitive University Data (SPG 601.33)
- Security of Personally Owned Devices that Access or Maintain Sensitive University Data (SPG 601.33) has been revised to align with the recently updated Institutional Data Stewardship Policy (SPG 601.12). See revision draft for details (U-M login required).
- UPDATE DATE: February 16, 2026.