Security Consulting and Compliance

General Security Consulting

The IT Security Office provides recommendations for implementing security controls on computing devices. The office consults on new or existing projects, issues, and equipment to provide best-practice recommendations for security architecture and the implementation of specific security controls.
If you have questions or need assistance on items not listed below, please call the IT Security Office (5-6332) or email:

Credit Card Handling (PCI-DSS) Standards Compliance

Technical analysis and assistance to ensure compliance with security standards for handling credit cards on all campus systems.

FISMA Compliance

A general guide to resources, policy information and descriptions encompassing the overall (enterprise) information security environment at The University of Iowa.
Individual units are expected to develop plans scoped to the specific environment that requires completion of a System Security Plan (SSP), as required by the Federal Information Security Management Act (FISMA) of 2002.

HIPAA Compliance

Information resources for faculty and staff (both clinical and non-clinical) on how to safeguard the health information they work with.

Penetration Testing

Active evaluation of a resource's security using a combination of automated tools and manual methods to breach the security of the system.

Scanning for Sensitive Institutional Data

Second-level support for Identity Finder software, which scans computers to locate files that contain sensitive data such as SSNs, credit card numbers, and passwords.

Security Reviews and Assessments

The IT Security Office performs evaluations of computer systems and provides recommendations to improve security or reach compliance with regulations.
If you have questions or need assistance or a consultation, please call the IT Security Office (5-6332) or email:

Frequently visited resources

Defense in Depth Security Strategy:
Information Technology Policy Repository:
University of Iowa Operations Manual:

Family Educational Rights and Privacy Act (FERPA)
Health Insurance Portability & Accountability Act (HIPAA)
Gramm-Leach-Bliley Act (GLBA)
Payment Card Industry Data Security Standards (PCI-DSS)
UI Policy on Credit Cards
Federal Information Security Management Act (FISMA)
Iowa Personal Information Security Breach Notification (Iowa Code, Title XVI, Chapter 715C)