{"id":30014,"date":"2026-04-09T08:00:00","date_gmt":"2026-04-09T12:00:00","guid":{"rendered":"https:\/\/michigan.it.umich.edu\/news\/?p=30014"},"modified":"2026-04-08T12:51:43","modified_gmt":"2026-04-08T16:51:43","slug":"2025-it-policy-and-standard-updates","status":"publish","type":"post","link":"https:\/\/michigan.it.umich.edu\/news\/2026\/04\/09\/2025-it-policy-and-standard-updates\/","title":{"rendered":"2025 IT Policy and Standard Updates"},"content":{"rendered":"\n<div class=\"wp-block-media-text is-stacked-on-mobile\"><figure class=\"wp-block-media-text__media\"><img loading=\"lazy\" decoding=\"async\" width=\"240\" height=\"160\" src=\"https:\/\/michigan.it.umich.edu\/news\/wp-content\/uploads\/2026\/04\/Policy_Image_SCNews_Wint_2026.png\" alt=\"Image of a notepad with the word policy written on it.\" class=\"wp-image-30015 size-full\"\/><\/figure><div class=\"wp-block-media-text__content\">\n<p>As the university\u2019s digital environment evolves in response to global technological developments and the needs of the U-M community, so do our cybersecurity practices and underlying IT policies and standards.<\/p>\n<\/div><\/div>\n\n\n\n<p>Here is a roundup of the IT policies and standards that were updated in 2025:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/it.umich.edu\/information-technology-policies\/general-policies\/DS-14\">Network Security (DS-14)<\/a>: updated in February 2025 to establish requirements for use of the U-M network and VPN, update roles and responsibilities, and strengthen network protection mechanisms.<\/li>\n\n\n\n<li><a href=\"https:\/\/it.umich.edu\/information-technology-policies\/general-policies\/DS-19\">Security Log Collection, Analysis, and Retention (DS-19)<\/a>: updated in June 2025 to incorporate changes in logging configuration requirements.<\/li>\n\n\n\n<li><a href=\"https:\/\/it.umich.edu\/information-technology-policies\/general-policies\/DS-22\">Access, Authorization, and Authentication Management (DS-22)<\/a>: updated in June 2025 to require two-factor authentication for remote access to U-M systems.<\/li>\n\n\n\n<li><a href=\"https:\/\/spg.umich.edu\/policy\/601.12\">Institutional Data Stewardship Policy (SPG 601.12)<\/a>: revised in August 2025 to reflect changes to technology and the U-M Data Governance Framework.<\/li>\n\n\n\n<li><a href=\"https:\/\/spg.umich.edu\/policy\/601.25\">Information Security Incident Reporting (SPG 601.25)<\/a>: updated in August 2025 to make it clearer and more concise.<\/li>\n\n\n\n<li><a href=\"https:\/\/it.umich.edu\/information-technology-policies\/general-policies\/DS-16\">Information Assurance Awareness, Training, and Education (DS-16)<\/a>: updated in October 2025 to clarify annual training requirements for faculty, staff, and workforce members.<\/li>\n\n\n\n<li><a href=\"https:\/\/it.umich.edu\/information-technology-policies\/general-policies\/DS-23\">Endpoint Security Administration (DS-23)<\/a>: updated in November 2025 to include a requirement for information security support.<\/li>\n<\/ul>\n\n\n\n<p>In early 2026, we published an update to&nbsp;<a href=\"https:\/\/spg.umich.edu\/policy\/601.33\">Personally Owned Devices that Access or Maintain Sensitive Institutional Data (SPG 601.33)<\/a>&nbsp;to adjust the definition of sensitive university data in alignment with&nbsp;<a href=\"https:\/\/spg.umich.edu\/policy\/601.12\">Institutional Data Stewardship Policy (SPG 601.12)<\/a>&nbsp;and the university&nbsp;<a href=\"https:\/\/safecomputing.umich.edu\/protect-the-u\/safely-use-sensitive-data\/classification-levels\">data classification levels<\/a>.<\/p>\n\n\n\n<p>Later in the year, we are queuing up reviews and revisions of \u00a0<a href=\"https:\/\/it.umich.edu\/information-technology-policies\/general-policies\/DS-21\">Vulnerability Management (DS-21)<\/a>\u00a0and\u00a0<a href=\"https:\/\/it.umich.edu\/information-technology-policies\/general-policies\/DS-12\">Disaster Recovery Planning and Data Backup for Information Systems and Services (DS-12)<\/a>.<\/p>\n\n\n\n<p>To stay up to date on recent and upcoming IT policy and standard revisions, visit the\u00a0<a href=\"https:\/\/it.umich.edu\/information-technology-policies\/policies-under-review\">Information Technology Policies Under Review<\/a>\u00a0page on the VPIT-CIO website.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>As the university\u2019s digital environment evolves in response to global technological developments and the needs of the U-M community, so do our cybersecurity practices and underlying IT policies and standards. Here is a roundup of the IT policies and standards that were updated in 2025: In early 2026, we published an update to&nbsp;Personally Owned Devices that Access or\u2026 <span class=\"read-more\"><a href=\"https:\/\/michigan.it.umich.edu\/news\/2026\/04\/09\/2025-it-policy-and-standard-updates\/\">Read More &raquo;<\/a><\/span><\/p>\n","protected":false},"author":173,"featured_media":30015,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_uag_custom_page_level_css":"","_umich_oidc_access":"","_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_ef_editorial_meta_date_first-draft-date":"","_ef_editorial_meta_paragraph_assignment":"","_ef_editorial_meta_checkbox_needs-photo":"","_ef_editorial_meta_number_word-count":"","footnotes":""},"categories":[27],"tags":[1212,63,1162],"class_list":["post-30014","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-safe-computing","tag-it-policy","tag-policy","tag-policy-update"],"uagb_featured_image_src":{"full":["https:\/\/michigan.it.umich.edu\/news\/wp-content\/uploads\/2026\/04\/Policy_Image_SCNews_Wint_2026.png",240,160,false],"thumbnail":["https:\/\/michigan.it.umich.edu\/news\/wp-content\/uploads\/2026\/04\/Policy_Image_SCNews_Wint_2026.png",240,160,false],"medium":["https:\/\/michigan.it.umich.edu\/news\/wp-content\/uploads\/2026\/04\/Policy_Image_SCNews_Wint_2026.png",240,160,false],"medium_large":["https:\/\/michigan.it.umich.edu\/news\/wp-content\/uploads\/2026\/04\/Policy_Image_SCNews_Wint_2026.png",240,160,false],"large":["https:\/\/michigan.it.umich.edu\/news\/wp-content\/uploads\/2026\/04\/Policy_Image_SCNews_Wint_2026.png",240,160,false],"1536x1536":["https:\/\/michigan.it.umich.edu\/news\/wp-content\/uploads\/2026\/04\/Policy_Image_SCNews_Wint_2026.png",240,160,false],"2048x2048":["https:\/\/michigan.it.umich.edu\/news\/wp-content\/uploads\/2026\/04\/Policy_Image_SCNews_Wint_2026.png",240,160,false],"excerpt-thumbnail":["https:\/\/michigan.it.umich.edu\/news\/wp-content\/uploads\/2026\/04\/Policy_Image_SCNews_Wint_2026-200x140.png",200,140,true],"themonic-thumbnail":["https:\/\/michigan.it.umich.edu\/news\/wp-content\/uploads\/2026\/04\/Policy_Image_SCNews_Wint_2026-60x42.png",60,42,true],"ioslider-thumbnail":["https:\/\/michigan.it.umich.edu\/news\/wp-content\/uploads\/2026\/04\/Policy_Image_SCNews_Wint_2026.png",240,160,false],"post-thumbnail":["https:\/\/michigan.it.umich.edu\/news\/wp-content\/uploads\/2026\/04\/Policy_Image_SCNews_Wint_2026.png",240,160,false],"400x250-crop":["https:\/\/michigan.it.umich.edu\/news\/wp-content\/uploads\/2026\/04\/Policy_Image_SCNews_Wint_2026.png",240,160,false]},"uagb_author_info":{"display_name":"Svetla Sytch, ITS Privacy Office","author_link":"https:\/\/michigan.it.umich.edu\/news\/author\/ssytch\/"},"uagb_comment_info":0,"uagb_excerpt":"As the university\u2019s digital environment evolves in response to global technological developments and the needs of the U-M community, so do our cybersecurity practices and underlying IT policies and standards. Here is a roundup of the IT policies and standards that were updated in 2025: In early 2026, we published an update to&nbsp;Personally Owned Devices&hellip;","_links":{"self":[{"href":"https:\/\/michigan.it.umich.edu\/news\/wp-json\/wp\/v2\/posts\/30014","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/michigan.it.umich.edu\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/michigan.it.umich.edu\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/michigan.it.umich.edu\/news\/wp-json\/wp\/v2\/users\/173"}],"replies":[{"embeddable":true,"href":"https:\/\/michigan.it.umich.edu\/news\/wp-json\/wp\/v2\/comments?post=30014"}],"version-history":[{"count":3,"href":"https:\/\/michigan.it.umich.edu\/news\/wp-json\/wp\/v2\/posts\/30014\/revisions"}],"predecessor-version":[{"id":30026,"href":"https:\/\/michigan.it.umich.edu\/news\/wp-json\/wp\/v2\/posts\/30014\/revisions\/30026"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/michigan.it.umich.edu\/news\/wp-json\/wp\/v2\/media\/30015"}],"wp:attachment":[{"href":"https:\/\/michigan.it.umich.edu\/news\/wp-json\/wp\/v2\/media?parent=30014"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/michigan.it.umich.edu\/news\/wp-json\/wp\/v2\/categories?post=30014"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/michigan.it.umich.edu\/news\/wp-json\/wp\/v2\/tags?post=30014"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}