Topics Map > Policies
Security Responsibilities for Distributed IT
Guidance on IT security responsibilities for IT professionals outside of the IT Division
Anyone running information systems or services at NDSU is expected to do the following:
- Maintain working knowledge of contemporary security practices.
- Maintain working knowledge of relevant policy and law.
- Implement all basic requirements found in NIST 800-171 Rev. 3.
- Design systems and services based on zero trust security model.
- Comply with applicable state and federal laws.
- Comply with North Dakota University System policy.
- Comply with NDSU policy.
- Actively participate in relevant professional groups on campus, especially IT Technical Professionals and the Cybersecurity Group.
- Report any security incidents to NDSU IT security and work with IT Division staff on remediation.
- Provide IT with contact information for after hour, weekend, and holiday emergency coordination.
- Promptly remediate any identified vulnerabilities.
- Assess all derived requirements in NIST 800-171 Rev. 3 and implement those that are appropriate to the services you are running.
The responsibilities above are ongoing activities. Designs, processes, and compliance must be continually reassessed and adjusted to address new and evolving threats.