Skip to main content

Systems & Applications


The following are the minimum security requirements that must be followed for each DCL. These requirements also apply to 3rd party provided or hosted applications and systems.


All electronically stored data residing within server-based systems must be evaluated and assigned the appropriate DCL. Each system must be managed according to the standards required for the highest data classification level of all the information residing on that system. The system may be managed at a higher level if deemed necessary due to the value or criticality of the information asset. For servers utilizing a database, the data residing in the database must be considered as part of the overall system for classification purposes.


Applications, whether provided by a vendor or developed internally, must meet the application security requirements established for each DCL. Many of these standards can be found at the Open Web Application Security Project (OWASP).

These standards do not cover office productivity software, such as Microsoft Office, or other software packages installed for use only on individual workstations.


Click to expand all categories.



UM Data Classification System

Systems & Applications

Systems Management
Granting & Revoking Access
Network Security
Remote Access Security
Physical Security
System & Application Assessments
Business Continuity
Transmission of Data
Data Disposal

Reviewed 2023-06-12