Cybersecurity Exceptions

Exception requests should be submitted when adherence to a USNH Cybersecurity Standard or Policy is not possible for technical reasons. Examples of exception requests include but are not limited to a blocked website, a device that cannot be upgraded due to specialized instrumentation software, a required security tool is not supported by an OS or application, a legacy operating system is required for educational purposes, or a lab environment requires modified security controls.

Exception requests are reviewed on a case-by-case basis, so it is important to provide as much information as possible to support your request, including a description of the compensating controls that will provide protection. Approved exceptions are assigned an expiration date within 30, 60, or 90 days to allow time for developing a solution. If a solution cannot be determined or implemented within the timeframe, then the risk exception may move into the process for risk acceptance.

Request Service


Service ID: 545
Fri 1/21/22 2:06 PM
Fri 12/8/23 2:35 PM
Available At:
Granite State College (GSC)
Keene State College (KSC)
Plymouth State University (PSU)
University of New Hampshire (UNH)
USNH System Office