7011 Secure Engineering and Architecture
The college shall assign designated personnel responsible for overseeing and coordinating the organization-wide management and implementation of cybersecurity and data privacy controls and related processes.
The college will implement an enterprise architecture framework that aligns with industry-recognized leading practices, considers cybersecurity and data privacy principles, and addresses risks to organizational operations, assets, individuals, and other organizations.
The college shall standardize technology and process terminology in alignment with the NIST 800-53r5 controls. This standardization will be continuously reviewed and updated to reflect changes in technologies and industry best practices.
The college shall adhere to the principle of security functions being implemented as a layered structure to minimize interactions between layers, thereby avoiding any dependence by lower layers on the functionality or correctness of higher layers.
The college shall adhere to NIST 800-53r5 control AC-2 (4) to ensure that Standard Operating Procedures (SOPs) or similar documentation are identified and documented to enable the proper execution of day-to-day or assigned tasks related to cybersecurity and data protection.
The college will actively facilitate the implementation of security workforce development and awareness controls to enhance the cyber resilience of the organization and reduce the risk of cyber threats and incidents.