{"id":69826,"date":"2026-02-03T09:44:25","date_gmt":"2026-02-03T17:44:25","guid":{"rendered":"https:\/\/policies.wsu.edu\/prf\/?page_id=69826"},"modified":"2026-02-03T09:44:25","modified_gmt":"2026-02-03T17:44:25","slug":"bppm-revision-651","status":"publish","type":"page","link":"https:\/\/policies.wsu.edu\/prf\/bppm-manual-revisions\/bppm-revision-651\/","title":{"rendered":"UPPM Revision 651"},"content":{"rendered":"<div class=\"wsu-row wsu-row--single\" >\r\n    \n<div class=\"wsu-column\"  style=\"\">\r\n\t\n\n<h1>UPPM Revision #651<\/h1>\n<p><strong>February 3, 2026<\/strong><\/p>\n<p>This UPPM revision includes the following changes:<\/p>\n<hr \/>\n<p><b><a href=\"https:\/\/policies.wsu.edu\/prf\/index\/manuals\/business-policies-and-procedures-manual\/bppm-87-03\/\">87.03<\/a> Account, Identity, and Authentication Management<\/b><\/p>\n<p>This new policy sets forth the roles, responsibilities, and requirements to ensure WSU\u2019s compliance with applicable standards regarding account, identity, and authentication management.<\/p>\n<hr \/>\n<p><b><a href=\"https:\/\/policies.wsu.edu\/prf\/index\/manuals\/business-policies-and-procedures-manual\/bppm-87-05\/\">87.05<\/a> Access Control and Authorization<\/b><\/p>\n<p>This revision reduces the risk of unauthorized access to information systems and institutional data by establishing criteria related to access control and authorization, including specific requirements for moderate- and high-impact systems.<\/p>\n<hr \/>\n<p><a href=\"https:\/\/policies.wsu.edu\/prf\/index\/manuals\/business-policies-and-procedures-manual\/bppm-87-10\/\"><b>87.10<\/b><\/a>\u00a0<strong>Electronic Device (Endpoint) Security<\/strong><\/p>\n<p>This revision sets forth requirements for the use of WSU-owned or employee-owned endpoints (including but not limited to smartphones, tablets, and computers) for the purpose of creating, storing, transmitting, and protecting institutional data. This revision includes<strong> removal of\u00a0UPPM 87.11.<\/strong><\/p>\n<hr \/>\n<p><strong><a href=\"https:\/\/policies.wsu.edu\/prf\/index\/manuals\/business-policies-and-procedures-manual\/bppm-87-12\/\">87.12<\/a> Network Security<\/strong><\/p>\n<p>This revision safeguards the security of WSU\u2019s network infrastructure to protect WSU data, ensures the integrity of WSU\u2019s IT environment, and supports WSU\u2019s critical academic, research, and business functions.\u00a0<\/p>\n<hr \/>\n<p><strong><a href=\"https:\/\/policies.wsu.edu\/prf\/index\/manuals\/business-policies-and-procedures-manual\/bppm-87-23\/\">87.23<\/a>\u00a0Control Exception<\/strong><\/p>\n<p>This new policy sets forth requirements for requesting a temporary exception from a WSU information security policy or standard. By allowing limited exceptions, WSU supports its goals of facilitating innovation and operational efficiency while safeguarding data and technology resources.<\/p>\n<hr \/>\n<p><strong><a href=\"https:\/\/policies.wsu.edu\/prf\/index\/manuals\/business-policies-and-procedures-manual\/bppm-87-32\/\">87.32<\/a>\u00a0Business Applications Security<\/strong><\/p>\n<p>This new policy establishes comprehensive security and privacy requirements for business applications used by WSU to protect WSU\u2019s critical administrative, research, and academic systems.\u00a0<\/p>\n<hr \/>\n<p><strong><a href=\"https:\/\/policies.wsu.edu\/prf\/index\/manuals\/business-policies-and-procedures-manual\/bppm-87-33\/\">87.33<\/a>\u00a0Encryption Security<\/strong><\/p>\n<p>This new policy sets forth encryption requirements, including what types of data must be encrypted, methods of encryption, and ensures compliance with industry standards and applicable laws.<\/p>\n<hr \/>\n<p><strong><a href=\"https:\/\/policies.wsu.edu\/prf\/index\/manuals\/business-policies-and-procedures-manual\/bppm-87-40\/\">87.40<\/a>\u00a0System and Information Integrity<\/strong><\/p>\n<p>This revision establishes the requirements to prevent, detect, and correct vulnerabilities across WSU\u2019s systems.<\/p>\n<hr \/>\n<p><strong><a href=\"https:\/\/policies.wsu.edu\/prf\/index\/manuals\/business-policies-and-procedures-manual\/bppm-87-42\/\">87.42<\/a>\u00a0Anti-Malware<\/strong><\/p>\n<p>This new policy sets forth requirements for an anti-malware program with updated protection, centralized monitoring, and automated threat response, with additional controls for high-impact systems.\u00a0<\/p>\n<hr \/>\n<p><strong><a href=\"https:\/\/policies.wsu.edu\/prf\/index\/manuals\/business-policies-and-procedures-manual\/bppm-87-51\/\">87.51<\/a>\u00a0Remote Access<\/strong><\/p>\n<p>This new policy\u00a0sets forth roles, responsibilities, and requirements for authorizing and managing remote access and ensuring the security of WSU\u2019s network and computer systems, including specific requirements for moderate- and high-impact systems.<\/p>\n<hr \/>\n<p><strong><a href=\"https:\/\/policies.wsu.edu\/prf\/index\/manuals\/business-policies-and-procedures-manual\/bppm-87-53\/\">87.53<\/a>\u00a0Data Protection and Classification<\/strong><\/p>\n<p>By establishing clear requirements for all classifications of data, this revision ensures that Institutional Information is carefully managed, maintained, protected, and used appropriately throughout its lifecycle, as well as protected from unauthorized access or disclosure.<\/p>\n<hr \/>\n<p><strong><a href=\"https:\/\/policies.wsu.edu\/prf\/index\/manuals\/business-policies-and-procedures-manual\/bppm-87-62\/\">87.62<\/a>\u00a0Physical Security<\/strong><\/p>\n<p>This new policy sets forth requirements for facility access, security, and environmental controls to ensure the safety, security, and reliability of WSU\u2019s IT infrastructure.<\/p>\n<hr \/>\n<p><strong><a href=\"https:\/\/policies.wsu.edu\/prf\/index\/manuals\/business-policies-and-procedures-manual\/bppm-87-65\/\">87.65<\/a>\u00a0Software Development<\/strong><\/p>\n<p>This new policy ensures that information security and user privacy considerations are integrated within the entire software development lifecycle.<\/p>\n<hr \/>\n<p><strong><a href=\"https:\/\/policies.wsu.edu\/prf\/index\/manuals\/business-policies-and-procedures-manual\/bppm-87-72\/\">87.72<\/a>\u00a0System Decommission and Data Destruction<\/strong><\/p>\n<p>To minimize the risk of unauthorized access, data breaches, and potential institutional liability, this new policy requires that all retired systems, devices, and applications are securely decommissioned, and data is permanently removed or destroyed.<\/p>\n\n<\/div>\r\n\n<\/div>","protected":false},"excerpt":{"rendered":"","protected":false},"author":49281,"featured_media":0,"parent":21116,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":[],"wsuwp_university_location":[],"wsuwp_university_org":[],"_links":{"self":[{"href":"https:\/\/policies.wsu.edu\/prf\/wp-json\/wp\/v2\/pages\/69826"}],"collection":[{"href":"https:\/\/policies.wsu.edu\/prf\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/policies.wsu.edu\/prf\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/policies.wsu.edu\/prf\/wp-json\/wp\/v2\/users\/49281"}],"replies":[{"embeddable":true,"href":"https:\/\/policies.wsu.edu\/prf\/wp-json\/wp\/v2\/comments?post=69826"}],"version-history":[{"count":7,"href":"https:\/\/policies.wsu.edu\/prf\/wp-json\/wp\/v2\/pages\/69826\/revisions"}],"predecessor-version":[{"id":69839,"href":"https:\/\/policies.wsu.edu\/prf\/wp-json\/wp\/v2\/pages\/69826\/revisions\/69839"}],"up":[{"embeddable":true,"href":"https:\/\/policies.wsu.edu\/prf\/wp-json\/wp\/v2\/pages\/21116"}],"wp:attachment":[{"href":"https:\/\/policies.wsu.edu\/prf\/wp-json\/wp\/v2\/media?parent=69826"}],"wp:term":[{"taxonomy":"wsuwp_university_location","embeddable":true,"href":"https:\/\/policies.wsu.edu\/prf\/wp-json\/wp\/v2\/wsuwp_university_location?post=69826"},{"taxonomy":"wsuwp_university_org","embeddable":true,"href":"https:\/\/policies.wsu.edu\/prf\/wp-json\/wp\/v2\/wsuwp_university_org?post=69826"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}