Information Technology Policies Under Review

IT policies and standards are regularly reviewed and updated as needed, in accordance with Development of University Policy (SPG 601.35), the Procedures for Development of University Policy, and the IT Policy Development and Administration Framework.

The IT policies and standards below are currently under revision or development. Drafts, where available, are open for review. Members of the university community are welcome to provide feedback at [email protected].

Policies and Standards Under Review

Network Security (DS-14) - REVISION

  • Revision stage: The standard is being revised to include new requirements for Network Security. 
  • Summary of proposed changes is available for review (U-M login required). Contact [email protected] with questions and comments.
  • TARGET COMPLETION DATE: Winter 2025.

Security Log Collection, Analysis, and Retention (DS-19) - REVISION

  • Revision stage: This standard is being revised to include revised requirements for Security Log Collection, Analysis, and Retention.
  • Summary of proposed changes is available for review (U-M login required). Contact [email protected] with questions and comments.
  • TARGET COMPLETION DATE: Winter 2025.

Institutional Data Resource Management (SPG 601.12) - REVISION

  • Revision stage: This policy is being updated to reflect updates to technology and the U-M Data Governance Framework.
  • Executive summary is available for review (U-M login required). Contact [email protected] with questions and comments.
  • TARGET COMPLETION DATE: Winter 2025.

Recently Updated Policies and Standards

IP Addressing (601.15) and Domain Naming (SPG 601.15-1)

  • IP addressing has become a common practice that does not require SPG-level oversight, while the complexity of domain naming has outgrown the parameters specified in the policy. SPG 601.15 and SPG 601.15-1 have been merged into one streamlined policy. See the Executive Update Summary for more details (U-M login required)
  • UPDATE DATE: July 25, 2024.

Endpoint Security Administration (DS-23)

  • The Endpoint Security Administration (DS-23) standard focuses on required security measures for all university-owned systems, including broad implementation of enterprise enhanced endpoint protection (CrowdStrike Falcon); adherence to principle of least functionality; and creating and maintaining an inventory of university-owned systems. See the Executive Summary for more details (U-M login required).
  • UPDATE DATE: December 4, 2024.