Cybersecurity Baseline and Identity and Authentication Rule
The Office of Information Technology (OIT), with input from many campus stakeholders, has developed two new rules — the Cybersecurity Baseline and the Identity and Authentication Rule. These forthcoming rules set campuswide baseline controls as well as identity and authentication requirements that must be met to protect university data and IT resources.
Timeline
The rules are expected to be issued this summer with an effective date at the end of December.
What You Need to Know
- Both rules apply to all students, faculty, staff, and any other individuals with access to university IT resources and any technology, including personal devices, used to access IT resources.
- Exception requests require approval and must be submitted through the IT Exception Request Form.
- The rules push NC State one step closer to meeting the NIST 800-171 framework as well as research obligations, such as CMMC Level 1 and the FAR Basic Safeguarding clause.
IT Staff
You should review the rules and supplemental guidance, identify and amend any technical gaps in your area, and communicate changes and expectations with your leadership and affected community.
Students
You should understand basic cyber hygiene, like password best practices, software updates and physical security, as well as how to report potential cybersecurity incidents.
Faculty, Staff and Others
You share the same responsibilities as students, with additions like understanding access control and completing data security training. Opt for university-owned and managed devices over personal ones to help you comply with the rules.
Cybersecurity Baseline
This is a minimum baseline. Additional cybersecurity or compliance requirements may need to be met depending on individual situations.
Identity and Authentication Rule
The rule notes identity and authentication requirements depending on low, medium and high account risk levels.
Next Steps
- OIT Town Hall: July 23 at 2 p.m.
- Have concerns about meeting these requirements? Let us know so we can help you prepare.
- IT staff should contact S&C via the NC State IT Service Portal or call 919.515.HELP (4357).
- Students, faculty, staff and others should contact their local IT. If you aren’t sure who to contact, reach out to the Help Desk.