Includes the procedures and guidance information that defines the implementation strategies and steps for compliance with the Center for Internet Security (CIS) Critical Security Controls (CSC) Implementation Group 1 (IGI) at a minimum and implementation strategies and steps for compliance with the CIS CSC Implementation Group 2 and Implementation Group 3. Includes the implementation strategies and steps for compliance with other security frameworks as needed per contractual requirements and identifies and assigns the security responsibilities including who is responsible for evaluating and accepting risk at each campus and institute.