Control ID |
Control Description | Data Protection Classification | ||||||
Level 1 | Level 2 | Level 3 | Level 4 | |||||
SCP-1 | Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. | recommended | required | essential | essential | |||
SCP-2 | Employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational systems. | required | required | essential | essential | |||
SCP-8 | Implement cryptographic mechanisms to prevent unauthorized disclosure of the University’s data during transmission unless otherwise protected by alternative physical safeguards. | optional | recommended | essential | essential | |||
SCP-10 | Establish and manage cryptographic keys for cryptography employed in organizational systems | required | required | essential | essential | |||
SCP-11 | Employ University approved cryptography when used to protect the confidentiality of the University’s data. | optional | recommended | essential | essential | |||
SCP-14 | Control and monitor the use of Voice over Internet Protocol (VoIP) technologies | recommended | recommended | required | essential | |||
SCP-15 | Protect the authenticity of communications sessions. | recommended | recommended | essential | essential | |||
SCP-16 | Protect the confidentiality of the University’s data at rest. | optional | recommended | essential | essential |