UPPM Revision #651

February 3, 2026

This UPPM revision includes the following changes:


87.03 Account, Identity, and Authentication Management

This new policy sets forth the roles, responsibilities, and requirements to ensure WSU’s compliance with applicable standards regarding account, identity, and authentication management.


87.05 Access Control and Authorization

This revision reduces the risk of unauthorized access to information systems and institutional data by establishing criteria related to access control and authorization, including specific requirements for moderate- and high-impact systems.


87.10 Electronic Device (Endpoint) Security

This revision sets forth requirements for the use of WSU-owned or employee-owned endpoints (including but not limited to smartphones, tablets, and computers) for the purpose of creating, storing, transmitting, and protecting institutional data. This revision includes removal of UPPM 87.11.


87.12 Network Security

This revision safeguards the security of WSU’s network infrastructure to protect WSU data, ensures the integrity of WSU’s IT environment, and supports WSU’s critical academic, research, and business functions. 


87.23 Control Exception

This new policy sets forth requirements for requesting a temporary exception from a WSU information security policy or standard. By allowing limited exceptions, WSU supports its goals of facilitating innovation and operational efficiency while safeguarding data and technology resources.


87.32 Business Applications Security

This new policy establishes comprehensive security and privacy requirements for business applications used by WSU to protect WSU’s critical administrative, research, and academic systems. 


87.33 Encryption Security

This new policy sets forth encryption requirements, including what types of data must be encrypted and the methods of encryption, and ensures compliance with industry standards and applicable laws.


87.40 System and Information Integrity

This revision establishes the requirements to prevent, detect, and correct vulnerabilities across WSU’s systems.


87.42 Anti-Malware

This new policy sets forth requirements for an anti-malware program with updated protection, centralized monitoring, and automated threat response, with additional controls for high-impact systems. 


87.51 Remote Access

This new policy sets forth roles, responsibilities, and requirements for authorizing and managing remote access and ensuring the security of WSU’s network and computer systems, including specific requirements for moderate- and high-impact systems.


87.53 Data Protection and Classification

By establishing clear requirements for all classifications of data, this revision ensures that Institutional Information is carefully managed, maintained, protected, and used appropriately throughout its lifecycle, as well as protected from unauthorized access or disclosure.


87.62 Physical Security

This new policy sets forth requirements for facility access, security, and environmental controls to ensure the safety, security, and reliability of WSU’s IT infrastructure.


87.65 Software Development

This new policy ensures that information security and user privacy considerations are integrated within the entire software development lifecycle.


87.72 System Decommission and Data Destruction

To minimize the risk of unauthorized access, data breaches, and potential institutional liability, this new policy requires that all retired systems, devices, and applications are securely decommissioned, and data is permanently removed or destroyed.