Policy Alerts
This page lists any significant updates that have been made to UVA information technology policies, standards, or procedures. By clicking the button below, you can sign-up to receive an emaill notice whenever a new policy alert is created. Unless otherwise noted below, all changes are effective immediately.
We encourage you to review and familiarize yourself with these changes and encourage you to seek assistance from technology experts (i.e. Local Support Partners) in your areas or the UVA Help Desk by emailing 4help@virginia.edu or calling 434-924-4357. Background and additional information about these updated policies, standards, and procedures (PSPs) is on our Information Technology Policies, Standards, & Procedures webpage. For questions or concerns, please speak with your Local Support Partner (LSP) or email us at it-policy@virginia.edu.
Subscribe or manage policy alerts email
Latest IT Policy changes and updates at the University of Virginia:
[Posted: Jun 16, 2021 3:30 PM]
Effective: May 14, 2021
The vulnerability scanning requirement for all network connected managed devices to be scanned has been rescinded for another six months while Information Security works to provide a solution that offers this service as required in the standard.
Please review the details of the exception and its compensating controls as well as the standards to which this exception applies.
[Posted: May 10, 2021 2:15 PM]
The Report an Information Security Incident form and its associated Report an Information Security Incident procedure had non-substantive changes to align the terms and names used to match the current titles and names (e.g., Health System instead of Medical Center), fix broken links, and add to the list of Related Links.
[Posted: Apr 15, 2021 4:45 PM]
The electronically stored information (ESI) release standard and procedure were revised to make the University Records and Information Management (RIM) office the responsible party for
[Posted: Dec 18, 2020 3:30 PM]
Effective: December 18, 2020
The Authentication standard was substantially changed to such degree that it is not possible to list all the changes here. Reviewing the revised standard carefully is highly recommended.
[Posted: Dec 14, 2020 12:00 PM]
Effective: December 8, 2020
The vulnerability scanning requirement for all network connected managed devices to be scanned has been rescinded for six months while Information Security works to provide a process or solution to provide this service as required in the standard.
Please review the details of the exception and its compensating controls as well as the standards to which this exception applies.
[Posted: Nov 24, 2020 3:30 PM]
Effective: November 24, 2020
[Posted: Nov 23, 2020 1:30 PM]
Effective: November 13, 2020
[Posted: Nov 17, 2020 3:00 PM]
Non-substantive change
[Posted: Nov 5, 2020 5:00 PM]
Effective: November 5, 2020
This standard was substantially changed to a degree that it is not possible to list all the changes. Reviewing the revised standard carefully is highly recommended
Changed
- Revised Purpose and Background section to be simpler, shorter, more readable.
- Combined and revised the three sections
-
Security Requirements For Networked Devices,
-
[Posted: Oct 23, 2020 2:00 PM]
Substantivie change: On October 22, 2020, the University of Virginia's Vice-President for Research office emailed and published on their website information about prohibitions on procurement and use of certain software and services. Of particular note for information security, federal regulations (enacted in the 2018 NDAA, Sec.
[Posted: Sep 9, 2020 5:00 PM]
Several changes were made to the University Data Protection Standard 3.0.
Substantive changes:
[Posted: Jul 1, 2020 11:30 AM]
The Electronic Access Requirements (aka Electronic Access Agreement (EAA)) was revised to add: "I will not use UVA IT resources to access or disclose the address, email address or phone number of a student unless I have a legitimate educational interest in that information." and the definition of "legitimate educational interest".
[Posted: Apr 30, 2020 11:30 AM]
Effective April 28, 2020
The Vendor Security Review Standard was revised to add UVA Wise to the Risk Rating and Sign-off tables. The roles at UVA Wise that must review and sign-off on a vendor security review at UVA Wise were added to a new column in these tables.
[Posted: Mar 20, 2020 8:40 AM]
Effective March 20, 2020
Non-Substantive change: The term moderately sensitive data has been changed to sensitive data. The definition remains the same.
Data, records, and files that:
-
may be withheld from release under the Virginia Freedom of Information Act (FOIA),
-
are not public records,
-
do not enable identity theft,
[Posted: Mar 10, 2020 1:45 PM]
Effective February 12, 2020
The External Assessment Review Procedure has been revised based on feedback from a committee of stakeholders. It is now a standard, named the Vendor Security Review Standard.
While it went from a procedure to a standard, most of the requirements from the procedure remain unchanged.
--------- Read More ---------------------
What was changed:
[Posted: Feb 13, 2020 1:45 PM]
The Electronic Access Requirements standard (aka Electronic Access Agreement) had non-substantive changes to fix broken links, add to the list of Related Links and explicitly reference the University's Acceptable Use of the University’s Information Technology Resources (IRM-002) policy in the standard's Purpose and Background section.
[Posted: Jan 28, 2020 10:45 AM]
Our webpage on the ITS Guidance for Use of Personal Accounts or Redirection for University Email has been updated to re-direct you to the ITS webpage on the same topic - ITS Guidance for Use of Personal Accounts or Redirection for University Email (KB0012593) Our webpage listed the same information that was on the ITS webpage, so to reduce confusion and out-of-sync information, we are referring to their webpage.
[Posted: Jan 17, 2020 2:13 PM]
The Accounts Provisioning & Deprovisioning Guidance webpage was edited to removed the table that listed Affiliation, Obtain or Activate Accounts and Account Expiration and redirect readers to the ITS webpage that lists this same information - the ITS Accounts & Access webpage
Pages
Report an Information
Security Incident
Please report any level of incident, no matter how small. The Information
Security office will evaluate the report and provide a full investigation if appropriate.