Draft IT Standards

Enterprise Technology Cybersecurity (ET Cybersecurity) is releasing a draft of ASU’s new Information Security Standards—a unified approach to cybersecurity compliance across the university.

Access the draft standards (ASU login required) here: Link to Draft Standards

Purpose of the Standards

ASU must comply with a broad range of data regulations, privacy laws, and Department of Defense requirements. To streamline efforts, we consolidated these obligations into a single, cohesive set of standards. This initiative reduces fragmentation and creates a common foundation for secure operations.

To support this work, ET Cybersecurity engaged an experienced contractor, including a PCI DSS Certified QSA (Qualified Security Assessor). This credential authorizes professionals to assess organizations against one of the most stringent security frameworks. Their involvement ensures that our standards align with regulatory best practices and are practically applicable across ASU’s diverse environments.

What You Need to Know

The draft standards are open for review and feedback. We encourage your input and collaboration.
Some systems may not currently comply. That’s anticipated. An Exception Process and Risk Register will support documented, temporary non-compliance.
Immediate compliance is not expected—adoption will require time, planning, and resources. These standards can also support funding requests for future alignment.

Over time, adherence to these standards will be expected across units. ET Cybersecurity will provide guidance, resources, and engagement throughout this transition.

Looking Ahead

Detailed Knowledge Base (KB) articles will accompany these standards, offering step-by-step implementation guidance. These resources will be published in phases over the coming weeks to ensure clarity and usability as teams prepare for alignment.

We appreciate your engagement and partnership in building a stronger, more secure ASU.