Main Content


Cybersecurity Policies and Standards 

The following are approved Cybersecurity Policies, Standards and related documents that apply to the Alliance Federation. Change logs record major changes to each document over time (minor changes that do not alter the intent are not recorded).  Feedback related to these documents should be addressed to


SEC-00 Information Security Glossary

Related Documents: 
CHG-00 Change Log


SEC-02 Data Classification Policy

Related Documents: 
CHG-02 Change Log


SEC-03 Data Handling Standard

Related Documents: 
CHG-03 Change Log


SEC-04 Vulnerability Management Standard
Note: Standard is approved in-force but with a transition period until the end of 2023. 

Related Documents: 
CHG-04 Change Log


SEC-05 Cybersecurity Risk Management Policy 
Note: Policy is approved in-force with an implementation project underway 

Related Documents: 
Risk Assessment Procedure
CHG-05 Change Log (policy)
CHG-05b Change Log (Risk Assessment Procedure)


SEC-06 System Logging and Security Monitoring Standard

Related Documents:
CHG-06 Change Log


SEC-07 Network Security Standard

Related Documents:
CHG-07 Change Log


TOU-01 Terms of Use Policy

Related Documents:
CHG-TOU-01 Change Log