The University of Virginia is committed to preventing incidents that may impact the confidentiality, integrity, and availability of information and IT resources. In accordance with the Information Security of University Technology Resources policy, all units and departments are required to complete an annual information security risk assessment (IS-RM) to evaluate the effectiveness of their IT security controls within their environments.
We are in the third year since the risk assessment became an annual requirement. This year's assessment focuses mostly on asset inventory which is number one in the CIS Top Twenty Critical Controls.
You can receive a copy of the inventory formats being requested below: