University of Idaho - I Banner
A student works at a computer


U of I's web-based retention and advising tool provides an efficient way to guide and support students on their road to graduation. Login to VandalStar.

Information Security Office

The Office of Information Technology Information Security Office leads a robust cybersecurity program to support the university mission of research, teaching and outreach, and securely enable faculty, student and administrative needs. This includes support for university IT compliance efforts across regulatory and contractual agreements including GLBA, HIPAA, FERPA, PCI, NIST 800-171, CMMC, NSPM-33 and others.

Key elements of the cybersecurity program include:

  • Annual security awareness training and monthly phish training for all employees, and supplemental cybersecurity training for select groups.
  • Annual Risk Assessment and testing processes to identify and prioritize remediation for reasonably foreseeable internal and external risks to the security, confidentiality and integrity of university data.
  • Data Classification program, per APM 30.11 to track and apply appropriate controls based on data classification and risk.
  • Initial and periodic assessment of service providers through Vendor Security Assessments.
  • Implementing the incident response plan including tools, services and timely response and recovery from any material security events, as authorized by APM 30.14, Cyber Incident Response and Reporting.
  • Implement policies, standards and procedures to enable ongoing success of the security program and all compliance goals.
  • Facilitate the creation, tracking and auditing of individual System Security Plans (SSPs) when required for specific compliant systems or enclaves.
  • Review and approve secure IT architectures, including required processes, safeguards, controls and mitigations to meet security and compliance requirements.

This security program is implementing controls and is monitoring for finalization of technical standards related to NSPM-33 cybersecurity requirements. See also:


Watchful UI is a newsletter from the Information Security Office discussing the latest vulnerabilities, alerts and patches. While designed primarily for IT professionals, it may be of interest to other computing users.

To subscribe, visit the University Communication and Marketing Email preferences page, under University Communications – Watchful UI.


The U of I Information Security Office and security program is overseen by Chief Information Security Officer, Mitch Parks (CISSP), since 2014. This includes designation as the qualified individual per GLBA 16 CFR 314.4(a), and HIPAA Security Officer per 45 CFR 164.308.

For general questions about the program, contact or open a ticket.

Physical Address:

Teaching Learning Center Room 128

Office Hours:

Monday - Friday
8 a.m. to 5 p.m.

Summer Hours:

Monday - Friday
7:30 a.m. to 4:30p.m.

Phone: 208-885-4357 (HELP)