Regulations on Information Systems Security

Home

Office of General Counsel

Policy Statement Series

Regulations on Information Systems Security

Initially approved July 15, 2005

Updated January 17, 2008

Regulations on Information Systems Security

(Supplemental to Policy Statement #102, Data and Information Security)

It is the policy of the University of North Carolina at Charlotte to safeguard all classified information as required in the National Industrial Security Program Operating Manual (NISPOM). As such, the University has published "University of North Carolina at Charlotte Standard Practice Procedures," which outline the security program at our facility. Those Standard Practice Procedures are maintained in the office of the Facility Security Officer and the Deputy Facility Security Officer.

Additionally, all employees of the University who are involved in the processing of classified information on an Information System (IS), must comply with the following IS Security policies in accordance with NISPOM paragraph 8-101.b.

An Information System Security Manager (ISSM) will be appointed by the Facility Security Officer specifically to manage the IS program within the UNC Charlotte Industrial Security Program (ISP).
The ISSM is the primary point of contact for all matters regarding the processing of classified information on an IS.
The ISSM will publish a Master System Security Plan (SSP) for all ISs to be used for classified processing and obtain the accreditation from the Defense Security Service (DSS) who is the designated approving authority (DAA).
Only accredited ISs may be used for the processing of classified information.
All accredited ISs must be operated in compliance with the Master SSP.
Any employee of the University of North Carolina at Charlotte who fails to comply with facility security procedures, including those defined in the Master SSP, are subject to disciplinary action up to and including termination of employment.

Page Maintained By: Office of General Counsel