Why EM16?
In an ever-changing world of cybersecurity threats, organizations, not just Universities, but financial institutions, social media, and other online services are implementing these strategies to mitigate risk and protect user data.
These strategies are commonly defined through formal policies that govern the organization's information systems, data, and processes and guide the organization's operations. Implementation of EM16 helps address the following areas to improve and sustain our cybersecurity posture at the University through:
Research Compliance
Many of our research projects come with significant compliance requirements both federally and from other agencies. These requirements include cybersecurity tools and controls as well as a complete library of NIST compliant policies.
Personal and Academic Data Protection
Our students, faculty, staff, and our governmental partners expect a robust cybersecurity program to effectively protect personal and academic data. In order to be eligible for federal funding, including financial aid programs, the University will be required to demonstrate compliance with NIST cybersecurity frameworks including a complete library of cyber policies.
Business Relevance
Our business partners are requiring the deployment of a robust cybersecurity program as evidence that we are able to sustain operations during any cyber event. This optimizes our business efficiency both in purchasing power and other business practices.
ITS Policy Refresh (EM16, ITS Standards)
Executive Memorandum 16, the Policy for Responsible Use of University Computers and Information Systems, was signed and went into effect in May 2022.
Executive Memorandum 16 reflects a desired future state for the organization. Currently not all the necessary organizational and technical systems are in place today to meet the requirements in the new or revised policies. ITS senior leadership has determined that a strategy and timeline for the implementation of the organizational and technical systems is necessary to enable all areas of the University of Nebraska System to meet these new requirements.
Milestones
- May 11, 2022 - EM 16 ratified
- May 2023 - All endpoints enrolled
- July 1, 2025 - Duplicate systems and services deprovisioned
See the Implementation Timeline for more specific dates and details.
Key Stakeholders
These policies and standards are to be applied to all University services, stakeholders, constituents, and affiliates. Due to the unique partnership that the University of Nebraska Medical Center maintains with Nebraska Medicine, UNMC may be explicitly excluded from clauses where conflicting language, practices, or procedures exist with Nebraska Medicine’s published documents. This Policy supersedes and takes precedence over any conflicting, contradictory, or inconsistent campus, college, school, department, or faculty policies, statements, guidelines, or guidance.