Control Description Data Protection Classification
Level 1 Level 2 Level 3 Level 4
SCP-1 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. recommended required essential essential
SCP-2 Employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational systems. required required essential essential
SCP-8 Implement cryptographic mechanisms to prevent unauthorized disclosure of the University’s data during transmission unless otherwise protected by alternative physical safeguards. optional recommended essential essential
SCP-10 Establish and manage cryptographic keys for cryptography employed in organizational systems required required essential essential
SCP-11 Employ University approved cryptography when used to protect the confidentiality of the University’s data. optional recommended essential essential
SCP-14 Control and monitor the use of Voice over Internet Protocol (VoIP) technologies recommended recommended required essential
SCP-15 Protect the authenticity of communications sessions. recommended recommended essential essential
SCP-16 Protect the confidentiality of the University’s data at rest. optional recommended essential essential