{"id":189,"date":"2025-09-19T15:32:57","date_gmt":"2025-09-19T20:32:57","guid":{"rendered":"https:\/\/www.wisconsin.edu\/information-security\/?page_id=189"},"modified":"2025-09-19T15:32:57","modified_gmt":"2025-09-19T20:32:57","slug":"uwsa-policy-controls","status":"publish","type":"page","link":"https:\/\/www.wisconsin.edu\/information-security\/uwsa-policy-controls\/","title":{"rendered":"UWSA Policy Controls"},"content":{"rendered":"\n<p>The UWSA Policy Controls Website is a web-based tool designed to help users efficiently understand and apply UWSA information security policy requirements. This interface offers a structured view of policy content aligned with the NIST Cybersecurity Framework (CSF) 2.0.<\/p>\n\n\n\n<p>Some key features include:<\/p>\n\n\n\n<p>&nbsp; <strong>Policy content organized by common operational areas<\/strong>, with tailored views for:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>End User Devices<\/strong> \u2013 Desktops, laptops, tablets, and virtual devices<\/li>\n\n\n\n<li><strong>Servers<\/strong> \u2013 Including on-premises, IaaS, PaaS, virtual, and hybrid environments<\/li>\n\n\n\n<li><strong>Applications<\/strong> \u2013 Covering on-premises, SaaS, and hybrid systems<\/li>\n<\/ul>\n\n\n\n<p>&nbsp;<strong>Direct links to official UWSA policies<\/strong>, enabling quick reference and deeper exploration<\/p>\n\n\n\n<p>&nbsp; <strong>References to NIST CSF 2.0<\/strong>, <em>Govern, Identify, Protect, Detect, Respond, and Recover<\/em><\/p>\n\n\n\n<figure class=\"wp-block-image size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"987\" src=\"https:\/\/www.wisconsin.edu\/information-security\/wp-content\/uploads\/sites\/264\/2025\/08\/CSF-wheel-revamp-final-white-1024x987.png\" alt=\"\" class=\"wp-image-206\" style=\"object-fit:cover;width:200px;height:200px\" srcset=\"https:\/\/www.wisconsin.edu\/information-security\/wp-content\/uploads\/sites\/264\/2025\/08\/CSF-wheel-revamp-final-white-1024x987.png 1024w, https:\/\/www.wisconsin.edu\/information-security\/wp-content\/uploads\/sites\/264\/2025\/08\/CSF-wheel-revamp-final-white-300x289.png 300w, https:\/\/www.wisconsin.edu\/information-security\/wp-content\/uploads\/sites\/264\/2025\/08\/CSF-wheel-revamp-final-white-768x740.png 768w, https:\/\/www.wisconsin.edu\/information-security\/wp-content\/uploads\/sites\/264\/2025\/08\/CSF-wheel-revamp-final-white-1536x1481.png 1536w, https:\/\/www.wisconsin.edu\/information-security\/wp-content\/uploads\/sites\/264\/2025\/08\/CSF-wheel-revamp-final-white-2048x1974.png 2048w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p><strong>Cross-references to NIST SP 800-171<\/strong>, supporting efforts to align institutional policies with NIST<\/p>\n\n\n\n<p><\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\" \/>\n\n\n\n<div class=\"wp-block-uwsa-accordion\">\n<details class=\"wp-block-uwsa-panel\"><summary><strong>End User Devices<\/strong> \u2013 Desktops, laptops, tablets, and virtual devices<\/summary><div class=\"panel-body\">\n<p><\/p>\n\n\n\n<figure class=\"wp-block-table is-style-stripes\"><table class=\"has-fixed-layout\"><thead><tr><th><strong>Control<\/strong><\/th><th><strong>Frequency<\/strong><\/th><th><strong>What to do<\/strong><\/th><th><strong>References<\/strong><\/th><th><strong>CSF Function<\/strong><\/th><\/tr><\/thead><tbody><tr><td><strong>Operating System<\/strong><\/td><td>Ongoing maintenance<\/td><td>Maintain supported operating systems.<\/td><td><a href=\"https:\/\/www.wisconsin.edu\/uw-policies\/uw-system-administrative-policies\/information-security-endpoint-protection\/\">Policy 1036<\/a><br>NIST 800-171 Rev 3: 3.4.2<\/td><td>Protect<\/td><\/tr><tr><td><strong>Configurations<\/strong><\/td><td>On setup and review<\/td><td>Enable host firewall. <br>Disable remote access protocols (RDP, SSH), by default.<br>Activate screen lock after 15 minutes of inactivity.<\/td><td><a href=\"https:\/\/www.wisconsin.edu\/uw-policies\/uw-system-administrative-policies\/information-security-endpoint-protection\/\">Policy 1036<\/a><br>NIST 800-171 Rev 3: 3.4.2, 3.4.6, 3.4.7<\/td><td>Protect<\/td><\/tr><tr><td><strong>Malware Protection<\/strong><\/td><td>Continuous monitoring<\/td><td>Protect against malware using host-based and institutionally managed software.<\/td><td><a href=\"https:\/\/www.wisconsin.edu\/uw-policies\/uw-system-administrative-policies\/information-security-threat-and-vulnerability-management\/\">Policy 1042<\/a><br>NIST 800-171 Rev 3: 3.14.2, 3.14.4<\/td><td>Protect<\/td><\/tr><tr><td><strong>Vulnerability Scanning<\/strong><\/td><td>Monthly\/Quarterly\/Ad-hoc<\/td><td>Configure endpoints for scheduled vulnerability scans. <br><strong>Monthly for high risk or high impact, quarterly for other systems, include authenticated internal scanning for maximum visibility<\/strong>. <br>Perform ad hoc scans after environmental changes.<\/td><td><a href=\"https:\/\/www.wisconsin.edu\/uw-policies\/uw-system-administrative-policies\/information-security-threat-and-vulnerability-management\/\">Policy 1042<\/a><br>NIST 800-171 Rev 3: 3.14.1, 3.14.5, 3.4.7<\/td><td>Protect<\/td><\/tr><tr><td><strong>Patching<\/strong><\/td><td>Ongoing<\/td><td>Prioritize endpoint patching based on importance. <br>Follow remediation timelines and CVSS ratings.<\/td><td><a href=\"https:\/\/www.wisconsin.edu\/uw-policies\/uw-system-administrative-policies\/information-security-threat-and-vulnerability-management\/\">Policy 1042<\/a><br>NIST 800-171 Rev 3: 3.14.1<\/td><td>Protect<\/td><\/tr><tr><td><strong>Infected Device<\/strong><\/td><td>On detection<\/td><td>Isolate the endpoint from the network until triaged.<\/td><td><a href=\"https:\/\/www.wisconsin.edu\/uw-policies\/uw-system-administrative-policies\/information-security-endpoint-protection\/\">Policy 1036<\/a><br>NIST 800-171 Rev 3: 3.14.3<\/td><td>Protect<\/td><\/tr><tr><td><strong>Logging and Monitoring<\/strong><\/td><td>Continuous<\/td><td>Create logs for monitoring, investigation, reporting unauthorized activity. <br>Applies to end-user devices with increased security risks. <br>Logs must be monitored locally or centrally.<\/td><td><a href=\"https:\/\/www.wisconsin.edu\/uw-policies\/uw-system-administrative-policies\/information-security-logging-and-monitoring\/\">Policy 1041<\/a><br>NIST 800-171 Rev 3: 3.1.7, 3.3.1, 3.3.5, 3.3.7<br>NIST 800-171 Rev 3: 3.14.7<\/td><td>Detect<\/td><\/tr><tr><td><strong>Inventory<\/strong><\/td><td>On setup<\/td><td>Add endpoint to asset inventory.<\/td><td><a href=\"https:\/\/www.wisconsin.edu\/uw-policies\/uw-system-administrative-policies\/information-security-it-asset-management\/\">Policy 1035<\/a><br>NIST 800-171 Rev 3: 3.4.1<\/td><td>Identify<\/td><\/tr><tr><td><strong>Incident<\/strong><\/td><td>Continuous<\/td><td>Report an incident that meets medium or higher cyber incident severity criteria. Refer to <a href=\"https:\/\/www.wisconsin.edu\/uw-policies\/download\/UW-System-IR-Plan-v1.5.pdf\">UW System IR plan<\/a>.<\/td><td><a href=\"https:\/\/www.wisconsin.edu\/uw-policies\/uw-system-administrative-policies\/information-security-incident-response\/\">Policy 1033<\/a><br>NIST 800-171 Rev 3: 3.6.2<\/td><td>Respond<\/td><\/tr><tr><td><strong>VPN<\/strong><\/td><td>On setup<\/td><td>Enable workstation VPN.<\/td><td><a href=\"https:\/\/www.wisconsin.edu\/uw-policies\/uw-system-administrative-policies\/information-security-network-protection-2\/\">Policy 1038<\/a><br>NIST 800-171 Rev 3: 3.13.8<\/td><td>Protect<\/td><\/tr><tr><td><strong>Security Risks<\/strong><\/td><td>Continuous<\/td><td>Capture security risks via methods such as vulnerability scanning, incident response, SIEM alert, and vendor notifications.<\/td><td><a href=\"https:\/\/www.wisconsin.edu\/uw-policies\/uw-system-administrative-policies\/information-security-risk-management\/\">Policy 1039<\/a><br>NIST 800-171 Rev 3: 3.11.2, 3.6.1, 3.14.7<\/td><td>Protect<\/td><\/tr><\/tbody><\/table><\/figure>\n<\/div><\/details>\n<\/div>\n\n\n\n<div class=\"wp-block-uwsa-accordion\">\n<details class=\"wp-block-uwsa-panel\"><summary><strong>Servers<\/strong> \u2013 On-premises, IaaS, PaaS, virtual, and hybrid environments<\/summary><div class=\"panel-body\">\n<p><\/p>\n\n\n\n<figure class=\"wp-block-table is-style-stripes\"><table class=\"has-fixed-layout\"><thead><tr><th><strong>Control<\/strong><\/th><th><strong>Frequency<\/strong><\/th><th><strong>What to do<\/strong><\/th><th><strong>References<\/strong><\/th><th><strong>CSF Function<\/strong><\/th><\/tr><\/thead><tbody><tr><td><strong>Accounts and Authorizations<\/strong><\/td><td>On creation or change<\/td><td>Use only UW-authorized accounts and identity providers.<br>Use Single Sign-On (SSO) by an institution authorized identity provider, when available.<br>Apply security controls aligned with standard, privileged, and highly privileged authorizations.<\/td><td><a href=\"https:\/\/www.wisconsin.edu\/uw-policies\/uw-system-administrative-policies\/information-security-authentication-2\/\">Policy 1030<\/a><br>NIST 800-171 Rev 3: 3.1.1, 3.1.2, 3.1.5, 3.5.1, 3.5.5<\/td><td>Protect<\/td><\/tr><tr><td><strong>Privileged Authorizations<\/strong><\/td><td>On assignment<\/td><td>Privileged authorizations require separate accounts or RBAC, with identities verified through in-person or equivalent assurance methods.<br>Highly privileged authorizations must also use a separate account or PAM workflows.<br>Highly privileged authorizations require approval from the Data Steward(s) responsible for the associated IT Asset(s).<\/td><td><a href=\"https:\/\/www.wisconsin.edu\/uw-policies\/uw-system-administrative-policies\/information-security-authentication-2\/\">Policy 1030<\/a><br>NIST 800-171 Rev 3: 3.1.6, 3.1.7, 3.13.3<\/td><td>Protect<\/td><\/tr><tr><td><strong>Attestation for Service Account Access<\/strong><\/td><td>Annually<\/td><td>Authorizations must be reviewed annually for all service accounts.<\/td><td><a href=\"https:\/\/www.wisconsin.edu\/uw-policies\/uw-system-administrative-policies\/information-security-authentication-2\/\">Policy 1030<\/a><br>NIST 800-171 Rev 3 3.1.2<\/td><td>Protect<\/td><\/tr><tr><td><strong>Operating System<\/strong><\/td><td>Ongoing maintenance<\/td><td>Maintain supported operating systems.<\/td><td><a href=\"https:\/\/www.wisconsin.edu\/uw-policies\/uw-system-administrative-policies\/information-security-endpoint-protection\/\">Policy 1036<\/a><br>NIST 800-171 Rev 3: 3.4.2<\/td><td>Protect<\/td><\/tr><tr><td><strong>Configurations<\/strong><\/td><td>On setup and review<\/td><td>Enable host firewall. <br>Disable remote access protocols (RDP, SSH), by default.<br> Activate screen lock after 15 minutes of inactivity.<\/td><td><a href=\"https:\/\/www.wisconsin.edu\/uw-policies\/uw-system-administrative-policies\/information-security-endpoint-protection\/\">Policy 1036<\/a><br>NIST 800-171 Rev 3: 3.4.2, 3.4.6, 3.4.7<\/td><td>Protect<\/td><\/tr><tr><td><strong>Malware Protection<\/strong><\/td><td>Continuous monitoring<\/td><td>Protect against malware using host-based and institutionally managed software.<\/td><td><a href=\"https:\/\/www.wisconsin.edu\/uw-policies\/uw-system-administrative-policies\/information-security-threat-and-vulnerability-management\/\">Policy 1042<\/a><br>NIST 800-171 Rev 3: 3.14.2, 3.14.4<\/td><td>Protect<\/td><\/tr><tr><td><strong>Vulnerability Scanning<\/strong><\/td><td>Monthly\/Quarterly\/Ad-hoc<\/td><td>Configure servers for scheduled vulnerability scans. <br><strong>Monthly for high risk or high impact, quarterly for other systems, include authenticated internal scanning for maximum visibility<\/strong>. <br>Perform ad hoc scans after environmental changes.<\/td><td><a href=\"https:\/\/www.wisconsin.edu\/uw-policies\/uw-system-administrative-policies\/information-security-threat-and-vulnerability-management\/\">Policy 1042<\/a><br>NIST 800-171 Rev 3: 3.14.1, 3.14.5, 3.4.7<\/td><td>Protect<\/td><\/tr><tr><td><strong>Patching<\/strong><\/td><td>Ongoing<\/td><td>Prioritize server patching based on importance.<br>Follow remediation timelines and CVSS ratings.<\/td><td><a href=\"https:\/\/www.wisconsin.edu\/uw-policies\/uw-system-administrative-policies\/information-security-threat-and-vulnerability-management\/\">Policy 1042<\/a><br>NIST 800-171 Rev 3: 3.14.1<\/td><td>Protect<\/td><\/tr><tr><td><strong>Infected Device<\/strong><\/td><td>On detection<\/td><td>Isolate the server from the network until triaged.<\/td><td><a href=\"https:\/\/www.wisconsin.edu\/uw-policies\/uw-system-administrative-policies\/information-security-endpoint-protection\/\">Policy 1036<\/a><br>NIST 800-171 Rev 3: 3.14.3<\/td><td>Protect<\/td><\/tr><tr><td><strong>Logging and Monitoring<\/strong><\/td><td>Continuous<\/td><td>Create logs for monitoring, investigation, reporting unauthorized activity. <br><strong>For high impact services the logs must include security events and must be transferred to a managed logging service.<\/strong><br>Logs must be monitored locally or centrally.<br>Keep logs for at least 30 days.<\/td><td><a href=\"https:\/\/www.wisconsin.edu\/uw-policies\/uw-system-administrative-policies\/information-security-logging-and-monitoring\/\">Policy 1041<\/a><br>NIST 800-171 Rev 3: 3.1.7, 3.3.1, 3.3.5, 3.3.7<br>NIST 800-171 Rev 3: 3.14.7<\/td><td>Detect<\/td><\/tr><tr><td><strong>Inventory<\/strong><\/td><td>On setup<\/td><td>Add server to asset inventory.<\/td><td><a href=\"https:\/\/www.wisconsin.edu\/uw-policies\/uw-system-administrative-policies\/information-security-it-asset-management\/\">Policy 1035<\/a><br>NIST 800-171 Rev 3: 3.4.1<\/td><td>Identify<\/td><\/tr><tr><td><strong>Incident<\/strong><\/td><td>Continuous<\/td><td>Report an incident that meets medium or higher cyber incident severity criteria. Refer to <a href=\"https:\/\/www.wisconsin.edu\/uw-policies\/download\/UW-System-IR-Plan-v1.5.pdf\">UW System IR plan<\/a>.<\/td><td><a href=\"https:\/\/www.wisconsin.edu\/uw-policies\/uw-system-administrative-policies\/information-security-incident-response\/\">Policy 1033<\/a><br>NIST 800-171 Rev 3: 3.6.2<\/td><td>Respond<\/td><\/tr><tr><td><strong>Security Risks<\/strong><\/td><td>Continuous<\/td><td>Capture security risks via methods such as vulnerability scanning, incident response, SIEM alert, and vendor notifications.<\/td><td><a href=\"https:\/\/www.wisconsin.edu\/uw-policies\/uw-system-administrative-policies\/information-security-risk-management\/\">Policy 1039<\/a><br>NIST 800-171 Rev 3: 3.11.2, 3.6.1, 3.14.7<\/td><td>Protect<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p><\/p>\n<\/div><\/details>\n\n\n\n<details class=\"wp-block-uwsa-panel\"><summary><strong>Applications<\/strong> \u2013 On-premises, SaaS, and hybrid systems<\/summary><div class=\"panel-body\">\n<p><\/p>\n\n\n\n<figure class=\"wp-block-table is-style-stripes\"><table class=\"has-fixed-layout\"><thead><tr><th><strong>Control<\/strong><\/th><th><strong>Frequency<\/strong><\/th><th><strong>What to do<\/strong><\/th><th><strong>References<\/strong><\/th><th><strong>CSF Function<\/strong><\/th><\/tr><\/thead><tbody><tr><td><strong><strong>Accounts and Authorizations<\/strong><\/strong><\/td><td>On creation or change<\/td><td>Use only UW-authorized accounts and identity providers.<br>Use Single Sign-On (SSO) by an institution authorized identity provider, when available.<br>Apply security controls aligned with standard, privileged, and highly privileged authorizations.<\/td><td><a href=\"https:\/\/www.wisconsin.edu\/uw-policies\/uw-system-administrative-policies\/information-security-authentication-2\/\">Policy 1030<\/a><br>NIST 800-171 Rev 3: 3.1.1, 3.1.2, 3.1.5, 3.5.1, 3.5.5<\/td><td>Protect<\/td><\/tr><tr><td><strong>Privileged Authorizations<\/strong><\/td><td>On assignment<\/td><td>Privileged authorizations require separate accounts or RBAC, with identities verified through in-person or equivalent assurance methods.<br>Highly privileged authorizations must also use a separate account or PAM workflows.<br>Highly privileged authorizations require approval from the Data Steward(s) responsible for the associated IT Asset(s).<\/td><td><a href=\"https:\/\/www.wisconsin.edu\/uw-policies\/uw-system-administrative-policies\/information-security-authentication-2\/\">Policy 1030<\/a><br>NIST 800-171 Rev 3: 3.1.6, 3.1.7, 3.13.3<\/td><td>Protect<\/td><\/tr><tr><td><strong>Attestation for Service Account Access<\/strong><\/td><td>Annually<\/td><td>Authorizations must be reviewed annually for all service accounts.<\/td><td><a href=\"https:\/\/www.wisconsin.edu\/uw-policies\/uw-system-administrative-policies\/information-security-authentication-2\/\">Policy 1030<\/a><br>NIST 800-171 Rev 3 3.1.2<\/td><td>Protect<\/td><\/tr><tr><td><strong>Vulnerability Scanning<\/strong><\/td><td>Monthly\/Quarterly\/Ad-hoc<\/td><td>Configure applications for scheduled vulnerability scans. <br><strong>Monthly for high risk or high impact, quarterly for other systems, include authenticated internal scanning for maximum visibility<\/strong>. <br>Perform ad hoc scans after environmental changes.<\/td><td><a href=\"https:\/\/www.wisconsin.edu\/uw-policies\/uw-system-administrative-policies\/information-security-threat-and-vulnerability-management\/\">Policy 1042<\/a><br>NIST 800-171 Rev 3: 3.14.1, 3.14.5, 3.4.7<\/td><td>Protect<\/td><\/tr><tr><td><strong>Patching<\/strong><\/td><td>Ongoing<\/td><td>Prioritize application patching based on importance. <br>Follow remediation timelines and CVSS ratings.<\/td><td><a href=\"https:\/\/www.wisconsin.edu\/uw-policies\/uw-system-administrative-policies\/information-security-threat-and-vulnerability-management\/\">Policy 1042<\/a><br>NIST 800-171 Rev 3: 3.14.1<\/td><td>Protect<\/td><\/tr><tr><td><strong>Infected Application<\/strong><\/td><td>On detection<\/td><td>Isolate the application from the network until triaged.<\/td><td><a href=\"https:\/\/www.wisconsin.edu\/uw-policies\/uw-system-administrative-policies\/information-security-endpoint-protection\/\">Policy 1036<\/a><br>NIST 800-171 Rev 3: 3.14.3<\/td><td>Protect<\/td><\/tr><tr><td><strong>Logging and Monitoring<\/strong><\/td><td>Continuous<\/td><td>Create logs for monitoring, investigation, reporting unauthorized activity. <br><strong>For high impact services the logs must include security events and must be transferred to a managed logging service.<\/strong><br>Logs must be monitored locally or centrally.<br>Keep logs for at least 30 days.<\/td><td><a href=\"https:\/\/www.wisconsin.edu\/uw-policies\/uw-system-administrative-policies\/information-security-logging-and-monitoring\/\">Policy 1041<\/a><br>NIST 800-171 Rev 3: 3.1.7, 3.3.1, 3.3.5, 3.3.7<br>NIST 800-171 Rev 3: 3.14.7<\/td><td>Detect<\/td><\/tr><tr><td><strong>Inventory<\/strong><\/td><td>On setup<\/td><td>Add application to inventory.<\/td><td><a href=\"https:\/\/www.wisconsin.edu\/uw-policies\/uw-system-administrative-policies\/information-security-it-asset-management\/\">Policy 1035<\/a><br>NIST 800-171 Rev 3: 3.4.1<\/td><td>Identify<\/td><\/tr><tr><td><strong>Incident<\/strong><\/td><td>Continuous<\/td><td>Report an incident that meets medium or higher cyber incident severity criteria. Refer to <a href=\"https:\/\/www.wisconsin.edu\/uw-policies\/download\/UW-System-IR-Plan-v1.5.pdf\">UW System IR plan<\/a>.<\/td><td><a href=\"https:\/\/www.wisconsin.edu\/uw-policies\/uw-system-administrative-policies\/information-security-incident-response\/\">Policy 1033<\/a><br>NIST 800-171 Rev 3: 3.6.2<\/td><td>Respond<\/td><\/tr><tr><td><strong>Security Risks<\/strong><\/td><td>Continuous<\/td><td>Capture security risks via methods such as vulnerability scanning, incident response, SIEM alert, and vendor notifications.<\/td><td><a href=\"https:\/\/www.wisconsin.edu\/uw-policies\/uw-system-administrative-policies\/information-security-risk-management\/\">Policy 1039<\/a><br>NIST 800-171 Rev 3: 3.11.2, 3.6.1, 3.14.7<\/td><td>Protect<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p><\/p>\n<\/div><\/details>\n<\/div>\n\n\n\n<div class=\"wp-block-uwsa-accordion\"><\/div>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The UWSA Policy Controls Website is a web-based tool designed to help users efficiently understand and apply UWSA information security policy requirements. This interface offers a structured view of policy [&hellip;]<\/p>\n","protected":false},"author":6783,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"class_list":["post-189","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/www.wisconsin.edu\/information-security\/wp-json\/wp\/v2\/pages\/189","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.wisconsin.edu\/information-security\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.wisconsin.edu\/information-security\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.wisconsin.edu\/information-security\/wp-json\/wp\/v2\/users\/6783"}],"replies":[{"embeddable":true,"href":"https:\/\/www.wisconsin.edu\/information-security\/wp-json\/wp\/v2\/comments?post=189"}],"version-history":[{"count":40,"href":"https:\/\/www.wisconsin.edu\/information-security\/wp-json\/wp\/v2\/pages\/189\/revisions"}],"predecessor-version":[{"id":248,"href":"https:\/\/www.wisconsin.edu\/information-security\/wp-json\/wp\/v2\/pages\/189\/revisions\/248"}],"wp:attachment":[{"href":"https:\/\/www.wisconsin.edu\/information-security\/wp-json\/wp\/v2\/media?parent=189"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}