Careers @ JSU | News | CARES ACT | Thee Portal | Create/Reset NET ID Password | Campus Software
Give
Careers @ JSU | News | CARES ACT | Thee Portal | Create/Reset NET ID Password | Campus Software
Give

JSU CYBER AWARENESS

JSU CYBER SECURITY | Jackson State University > CUI Security Training Policy
CUI SECURITY TRAINING POLICY

Abstract: This policy outlines Jackson State University’s approach to protecting Controlled Unclassified Information (CUI) by ensuring all personnel receive appropriate security training and controlled access. It aligns with NIST SP 800-171 to maintain compliance and safeguard sensitive data across all systems and users.

Policy Number: 50000.045
Effective Date: 1/25/2017
Review/Revised Date: 3/09/2026
Category: Information Technology
Policy Owner: CIO/Information Technology
Policy Contact: CISO/Information Technology
 

Policy Statement

Jackson State University’s (“JSU” or “University”) Division of Information Technology’s (“DIT”)
intention for publishing a Security Training policy for CUI data to ensure all personnel are properly
trained to perform their security duties and responsibilities to protect the University’s CUI data.

 

Purpose

The purpose of this policy is to implement policies and procedures for granting access to Controlled
Unclassified Information (CUI).

 

Scope

This policy applies to all organization workforce members and all systems, network, and applications
that process, store or transmit CUI. This policy also applies to all vendors, partners, researchers and
contractors.

 

Definitions

  • 5.1. Controlled Unclassified Information (CUI) – is information that requires safeguarding or
    dissemination controls pursuant to and consistent with applicable law, regulations, and
    government-wide policies but is not classified.

 

Responsibilities

The Chief Information Security Officer is responsible for ensuring the implementation of this policy.

 

Policy

All environments involved with CUI must comply fully with the NIST 800-171 standards (either
directly or through compensating controls. Jackson State University and its employees, vendors, and
contractors will implement the following:

 

SECURITY TRAINING:

Ensure that personnel are trained to carry out their assigned information security related duties and responsibilities by:

  • Providing Role based Security Training before authorizing access to the
    information system or performing assigned duties on an annual basis or as
    needed for new hires, or when required by information system changes.
  • Provide all personnel with the means to provide input and feedback on their
    skill gaps and their training needs for their assigned information security-related
    duties and responsibilities.
  • Generate documentation for training(s) attended.

 

Policy Compliance

Failure to comply with this or any other security policy will result in disciplinary actions as per the
Sanction Policy. Legal actions also may be taken for violations of applicable regulations and laws.

 

IT Changes

We reserve the right to modify this privacy statement at any time. We will post the current policy on the Division of Information Technology website. We encourage you review it frequently.

 

Related Standards, Policies, and Processes

Security Awareness Training

  • Information security awareness, education, and training
  • Controls against malware
    Role-Based Security Training
  • Information security awareness, education, and training

Revision History

Policy Created: February 2, 2023

JSU CYBER AWARENESS

Location

1400 John R. Lynch Street
Student Center
Jackson, MS 39217-0280

Phone: 601.979.2241