VIII. Cybersecurity Policies and Standards

USY Administrative Board :: VIII. Cybersecurity Policies and Standards

最快开奖直播搅珠结果 Technology/Cybersecurity Standards

1. Purpose
2. Authority
3. Scope
4. Audience
5. Policy Statement
6. Enforcement
7. Exceptions
8. Roles and Responsibilities
9.听顿别蹿颈苍颈迟颈辞苍蝉

B. Acceptable Use Policy

1. Purpose
2. Scope
3. Audience
4. Policy Statement
5. Enforcement
6. Exceptions
7. Roles and Responsibilities
8. Definitions

C. Information Classification

1. Purpose
2. Scope
3. Audience
4. Policy Statement
5. Enforcement
6. Exceptions
7. Roles and Responsibilities
8. Definitions

D. Password Policy

1. Purpose
2. Scope
3. Audience
4. Policy Statement
5. Enforcement
6. Exceptions
7. Roles and Responsibilities
8. Definitions

E. Privacy Policy

A. Cybersecurity Policy

1.听听笔耻谤辫辞蝉别

This policy informs all 最快开奖直播搅珠结果 (最快开奖直播搅珠结果) community members, which includes employees, students, prior students, alumni, parents, contractors, and vendors, of their responsibilities related to maintaining the privacy and security of institutional information and information technology resources.

Protection of information and information technology resources is critical to ensuring the confidentiality, integrity, and availability of that information and to support the ongoing success of 最快开奖直播搅珠结果 and the administrative, academic, and business units of its component institutions.

2.听听Authority

Authority to establish and enforce this policy and all related standards has been granted to the Chief Information Officer (CIO) by the 最快开奖直播搅珠结果 Administrative听 Board.

3.听听Scope

This policy and the related standards apply to access and use of institutional information and information technology resources by all authorized 最快开奖直播搅珠结果 community members.听It applies to information in digital format as well as information in physical formats (e.g., on paper).

For purposes of this policy the term "information technology resources" shall include, but not be limited to, telecommunication and network equipment, desktop/laptop computers, mobile devices, servers, storage solutions, software packages, and applications which are owned by or operated on behalf of 最快开奖直播搅珠结果, its component institutions, or any of its administrative, academic, or business units. The term shall also include non-institutional information technology resources used in the performance of official duties by faculty, staff, or administrators, but only to the extent of such use.

Critical Infrastructure Technology Resources, which includes industrial control systems (ICS) and operational technology (OT), are not in-scope for this policy or the related standards, unless explicitly indicated in the scope of a specific standard.

4.听听Audience

最快开奖直播搅珠结果 community members authorized to access or use institutional information and/or information technology resources should be familiar with this policy and their responsibilities for compliance with the requirements it defines.

5.听听Policy Statement

5.1听听Cybersecurity is everyone's responsiblity

5.1.1听听All 最快开奖直播搅珠结果 community members have responsibility for protecting the confidentiality, availability, and integrity of 最快开奖直播搅珠结果 and its component institution鈥檚 information and information technology resources.

5.1.2听听All 最快开奖直播搅珠结果 and component institution information and information technology resources are assets of 最快开奖直播搅珠结果.听The provisions outlined in this policy:

5.1.2.1听听Apply to any 最快开奖直播搅珠结果 or component institution information, regardless of where or how it is accessed, captured, stored, processed, transmitted, or otherwise managed or what format it is in.

5.1.2.2听听Apply to any device that accesses, captures, stores, processes, transmits, or otherwise manages institutional information and/or utilizes a 最快开奖直播搅珠结果-owned or managed information technology resource, regardless of whether that device is itself an institutional information technology resource (owned and managed by 最快开奖直播搅珠结果 or its component institutions) or a non-institutional information technology resource (personally owned).

5.1.3听听All 最快开奖直播搅珠结果 administrative, academic, and business units shall implement and enforce appropriate cybersecurity controls to:

Protect the privacy and confidentiality of institutional information in all formats
Safeguard institutional information against unauthorized use, modification, destruction, and loss
Protect information technology resources from unauthorized access, compromise, modification, disruption, and destruction

5.1.4听听Situations that are not covered by this policy, or its related standards, or situations for which clarity is required to ensure compliance, shall be raised to the attention of the Chief Information Security Officer (CISO) for guidance and resolution.

5.2听听Governance

5.2.1听听An organizational structure with clearly assigned responsibilities for oversight and enforcement of cybersecurity across the University System shall be established and maintained and led by the CISO.

5.2.2听听The CISO shall develop and maintain a Cybersecurity Program and all its components, including this policy and all related policies, standards, processes, and procedures.

5.2.3听听The CIO shall be responsible for approval of the Cybersecurity Program and all related components. The CIO has the authority to delegate approval for aspects of this program to the CISO.

5.2.4听听Standards, processes, and procedures outlining the requirements to comply with this, and other information technology or cybersecurity policies, shall be established in alignment with best practices and industry framework(s) identified in the Cybersecurity Program.

5.2.5听听Cybersecurity Policies and Standards shall be maintained in an easily accessible location appropriate for authorized community members.

5.2.6听听Processes required to monitor adherence to this policy and the related standards shall be established, implemented, monitored for effectiveness, and regularly reviewed, to enable and ensure continuous improvement.

5.2.7听听Owners of all 最快开奖直播搅珠结果 information and information technology resources shall be assigned (e.g., information/data stewards, business application owners, technology service owners) and shall act as the authorizing manager for that asset.

5.2.8听听The CISO shall provide periodic reporting of meaningful cybersecurity metrics to the CIO and the appropriate authoritative body to ensure visibility into the effectiveness of and compliance with 最快开奖直播搅珠结果 Cybersecurity Policy and Standards.

5.3听听Protection of 最快开奖直播搅珠结果 Information

5.3.1听听All institutional information shall be classified according to the information classification system outlined in the 最快开奖直播搅珠结果 Information Classification Policy.

5.3.2听听Pursuant to the relevant standards, 最快开奖直播搅珠结果 community members shall adhere to established information handling requirements, respect the privacy of others whose information they have access to, and take appropriate precautions to protect that information from unauthorized disclosure or use.

5.3.3听听Administrative, logical, and physical controls shall be implemented for all institutional information, regardless of the format of the information (e.g., electronic, stored on removable media, printed).听Required controls shall be based on the information鈥檚 classification and documented in the relevant standard(s).

5.3.4听听Access to and use of all institutional information, regardless of classification or format, shall be authorized by the designated information steward.

5.3.5听听All institutional information shall be encrypted per the requirements outlined in the relevant standard(s).

5.3.6听听All institutional information that is stored in physical formats shall be secured per the requirements outlined in the relevant standards.

5.3.7听听Access to institutional information tied to another specific community member鈥檚 account shall only be authorized as outlined in the relevant standard.

5.3.8听听Access to institutional information shall only be granted to a vendor or other external party after all requirements defined in the relevant standard(s) have been met.

5.3.9听听Appropriate media sanitization methods as defined in the relevant standard(s) shall be used to remove all institutional information from each information technology resource that is capable of storing data, prior to the release of that resource for disposal or re-use, or at the cessation of organizational control over that resource.

5.4听听Protection, Continuity, and Resilience

5.4.1听听最快开奖直播搅珠结果 information and information technology resources shall be protected from natural and human hazards in alignment with the Cybersecurity Risk Management Standard and other relevant 最快开奖直播搅珠结果 standard(s).

5.4.2听听最快开奖直播搅珠结果 information, regardless of where it is stored or by whom it is managed, shall be backed up according to requirements established in the relevant standard(s).听

5.4.3听听The CIO and the CISO have the authority to act, with appropriate communication to business application owners, technology service owners, and the 最快开奖直播搅珠结果 community, if possible, to ensure that enterprise information technology resources do not pose a threat to the mission or operations of 最快开奖直播搅珠结果 or its component institutions, institutional information, or other information technology resources.

5.4.4听听Enterprise Technology & Services (ET&S) shall develop, publish, and maintain an Information Technology Disaster Recovery Plan designed to minimize the effects of a disaster and support restoration of critical enterprise information technology resources and operations following a disaster.

5.5听听Risk Management

5.5.1听听Risk must drive cybersecurity decision making, investment, and prioritization.

5.5.2听听The CISO shall be responsible for establishment, management, and maintenance of a Cybersecurity Risk Management Program which shall be documented in the relevant standard(s).

5.5.3听听All administrative, academic, and business units shall be required to participate in this Program, if requested to do so, and are responsible for implementing Risk Action Plans developed as a result of that participation.

5.5.4听听All enterprise Information technology resources and critical administrative, academic, or business processes shall be assigned a security categorization as outlined in the relevant standard(s).听This categorization shall be used in formal and informal risk assessments involving that resource.

5.5.5听听Cybersecurity risk assessments shall be performed, documented, actioned, tracked, reviewed, and revised as dictated by the relevant standard(s).

5.5.6听听Cybersecurity risks that are not mitigated, transferred, or avoided shall require risk acceptance as outlined in the relevant standard(s).

5.6听听Personnel Security

5.6.1听听All 最快开奖直播搅珠结果 employees, including student workers that work with certain types of information, shall be subject to a background check according to the process dictated by 最快开奖直播搅珠结果 Human Resources.

5.6.2听听最快开奖直播搅珠结果 community members who manage institutional information and/or information technology resources on behalf of the University System, or its component institutions, shall be required to review and sign the Enterprise Technology & Services Confidentiality and Cybersecurity Agreement.

5.6.3听听最快开奖直播搅珠结果 community members authorized to access or use institutional information or information technology resources may be required to sign data-specific agreements and/or complete additional training requirements prior to being provided with that access.

5.7听Awareness & Training

5.7.1听听A Cybersecurity Awareness and Training Program, designed to reduce the risks of error, theft, fraud, misuse, or other compromise of institutional information and information technology resources, shall be established and documented in the relevant standard(s).

5.7.2听听最快开奖直播搅珠结果 community members shall be informed of their responsibilities for the protection of institutional information and information technology resources and provided appropriate training to aid in fulfilling those responsibilities.

5.7.3听听最快开奖直播搅珠结果 community members with specific cybersecurity responsibilities shall be informed of these responsibilities and provided appropriate training to aid in fulfilling those responsibilities, prior to being granted any privileged or elevated access necessary to fulfill those responsibilities.

5.8听听Identity and Access Management

5.8.1听听Access to institutional information shall be restricted to only those individuals with approved authorizations.

5.8.2听听Institutional information shall only be shared, including verbally, in paper form, or via digital means, with those individuals who are authorized to receive it, using the appropriate mechanism for the information鈥檚 classification as defined in the relevant policies and standards.

5.8.3听听Access to institutional information stored in or managed by information technology resources shall be protected from unauthorized access through the management of identities, authentication credentials, accounts, and authorized access permissions.

5.8.4听听Each 最快开奖直播搅珠结果 community member shall be assigned a single, primary 最快开奖直播搅珠结果 identity according to the requirements defined in the relevant standard(s).

5.8.5听听Use of 最快开奖直播搅珠结果 username shall be restricted to approved uses as established in the relevant standard(s).

5.8.6听听Access to institutional information and information technology resources shall be granted in accordance with the requirements and restrictions defined in the relevant standard(s).

5.8.7听听Passwords used to secure access to information technology resources shall follow the requirements established in the 最快开奖直播搅珠结果 Password Policy.

5.8.8听听Accounts used to access information technology resources shall be approved, created, enabled, modified, disabled, removed, and used in accordance with the requirements established in the relevant standard(s).

5.8.9听听Privileged access to information technology resource shall be granted and managed in accordance with the requirements established in the relevant standard(s).

5.8.10听听Remote access to information technology resources shall comply with the established security requirements, usage restrictions, recommended configurations, and implementation guidance provided in the relevant standard(s).

5.9听听Regulatory Compliance

5.9.1听听Use and operation of information and information technology resources shall comply with federal, state, and local laws, 最快开奖直播搅珠结果 and component institution policies, and contractual obligations.

5.9.2听听Access to and use of institutional information protected by regulation or industry requirement, including but not limited to the following, shall follow all requirements defined in the relevant standard(s):

FERPA 鈥� Family Educational Rights and Privacy Act
HIPAA 鈥� Health Insurance Portability and Accountability Act
PCI-DSS 鈥� Payment Card Industry 鈥� Data Security Standard

5.9.3听听The CISO shall institute programs, processes, procedures, and training, as needed, to inform 最快开奖直播搅珠结果 community members and administrators about the security controls needed to comply with applicable laws, regulations, 最快开奖直播搅珠结果 policies, and contractual obligations.

5.9.4听听The CISO shall periodically conduct an audit of security controls implemented by administrative, academic, and business units to ensure compliance with applicable laws, regulations, 最快开奖直播搅珠结果 policies, and contractual obligations.

5.10听听Physical and Environmental Security

5.10.1听听最快开奖直播搅珠结果 community members authorized to access and/or use information and information technology resources shall take appropriate measures, as outlined in relevant standard(s), to prevent physical access to that information and those resources by unauthorized persons.

5.10.2听听Technology Service Owners and Business Application Owners shall institute and enforce procedures, within their level of responsibility and authority, to protect the information and information technology resources under their control in compliance with the relevant standard(s).

5.10.3听听Physical access to facilities where specific types of information or information technology resources are housed or stored shall be restricted to authorized personnel.听Examples of specific types include, but are not limited to:

Information stored in paper format with a classification that requires physical access be restricted
Infrastructure components including, but not limited to, networking equipment (e.g., switches and routers)
Servers that are capturing, storing, processing, transmitting, or otherwise managing institutional information
Endpoints that require specific physical security controls to meet research grant requirements or other contractual obligations

5.11听听Network Management

5.11.1听听All 最快开奖直播搅珠结果 networks shall be managed in such a manner that the confidentiality, integrity, and availability of institutional information and information technology resources are safeguarded from interference, unauthorized access, or compromise consistent with 最快开奖直播搅珠结果鈥檚 commitment to privacy, and the requirements defined in the relevant standard(s).

5.11.2听听Designated Network Administrators shall be responsible for management of all 最快开奖直播搅珠结果 networks and implementation of all required security controls to safeguard those networks, as defined in the relevant standard(s).

5.11.3听听Access to the information technology resources used to provide and manage 最快开奖直播搅珠结果 networks shall be appropriately restricted, both physically and logically, to ensure only authorized personnel have access.

5.11.4听听最快开奖直播搅珠结果 networks shall be monitored to detect cybersecurity incidents as required in the relevant standard(s).

5.11.5听听最快开奖直播搅珠结果 wireless networks shall be managed, and the wireless spectrum monitored, to minimize interference between wireless networks and other devices using radio frequencies.

5.12听听Information Technology Resource Management

5.12.1听听Appropriate safeguards and controls shall be incorporated into the lifecycle of all information technology resources as required by the relevant standard(s).

5.12.2听听Required safeguards and controls shall be determined by the classification of the institutional information being accessed, captured, stored, processed, transmitted, or otherwise managed and/or the security categorization of the information technology resource(s).

5.12.3听听Configuration changes made to information technology resources, regardless of where they are hosted or who manages them, shall be approved using the procedures defined in the relevant standard(s).

5.12.4听听Regular maintenance activities (e.g., applying patches, installing updates, arranging for annual service calls) shall be performed on all information technology resources according to the requirements defined in the relevant standard(s).

5.12.5听听All administrative, academic, and business units shall develop and maintain a comprehensive inventory of information technology resources for which they are responsible.

5.12.6听听Software used to conduct 最快开奖直播搅珠结果 or component institution business shall comply with all Cybersecurity Policies and Standards, including software and applications that reside on 最快开奖直播搅珠结果 owned or managed information technology resources as well as software and applications that are provided by and/or managed by vendors.

5.12.7听听Endpoint devices used to connect to 最快开奖直播搅珠结果 networks shall be configured, managed, used, maintained, and disposed of according to the requirements defined in the relevant standard(s).

5.12.8听听All servers connecting to 最快开奖直播搅珠结果 Networks shall be configured, administered, and managed in accordance with the requirements defined in the relevant standard(s).

5.12.9听听Administrative, academic, and business units shall not deploy, implement, or build enterprise information technology services that duplicate services provided by Enterprise Technology & Services (ET&S) (e.g., email servers) without the express written permission of the CIO.听Unauthorized services may be blocked from accessing the network.

5.12.10听听Enterprise telecommunication services and the information technology resources used to provide them shall be appropriately protected from intentional, unintentional, inappropriate, or negligent acts or omissions according to the requirements in the relevant standard(s).

5.13听听Vendor Management

5.13.1听听Procurement and/or use of vendor information technology resources that capture, store, process, transmit, or otherwise manage institutional information shall require approval by Cybersecurity & Networking and follow the requirements defined in the relevant standard(s).听This includes vendor cloud-hosted applications and vendor-supported information technology resources that are hosted on-premise.

5.13.2听听Administrative, academic, and business units that procure information technology resources from vendors, and who choose to manage and support those vendor applications internally, rather than engage in a support agreement with Enterprise Technology & Services (ET&S) for management of those resources, shall obtain ET&S approval and be responsible for:

Ensuring appropriate cybersecurity controls are implemented
Implementing and managing access controls aligned with the Access Management Standard and the Accounts Management Standard
Providing support to the 最快开奖直播搅珠结果 community
Maintaining that information technology resource (e.g., applying security patches, handling upgrades, monitoring performance)
Managing the relationship with the vendor
Maintaining appropriate audit trail artifacts and annual attestation(s)

5.14听听Incident Management

5.14.1听听All members of the 最快开奖直播搅珠结果 community are responsible for reporting cybersecurity incidents, including any suspected, potential, or actual unauthorized disclosure of institutional information, to Cybersecurity & Networking immediately per the process identified in the Cybersecurity Incident Response Plan.

5.14.2听听Cybersecurity events and incidents shall be investigated, mitigated, remediated, documented, and tracked according to the Cybersecurity Incident Response Plan.

5.14.3听听To ensure appropriate, timely notification of potential and confirmed data breaches, the CISO, in cooperation with the 最快开奖直播搅珠结果 General Counsel鈥檚 Office, shall manage all required notifications to relevant regulatory bodies pursuant to the relevant standard(s).

5.15听听Policy Maintenance

5.15.1听听The CISO is responsible for documenting issues of clarity within this Policy or the related Standards raised by 最快开奖直播搅珠结果 community members and for ensuring those issues are resolved in a timely manner through revision of this Policy and the related standards.

5.15.2听听This Policy and the related standards shall be reviewed and maintained regularly, but no less than once per year.

6.听听Enforcement

Failure to comply with this Policy puts the University System, its component institutions, and its information and information technology resources at risk and may result in disciplinary action.听Disciplinary procedures will be appropriate for the individual responsible for non-compliance (e.g., students, faculty, staff, vendors) as outlined in the relevant institutional regulations for that individual (e.g., student conduct and/or applicable personnel policies).

Non-compliant technology and/or activities may be mitigated as deemed necessary by the CISO and/or CIO.

Employees who are members of institutionally recognized bargaining units are covered by the disciplinary provisions set forth in the agreement for their bargaining units.

7.听听贰虫肠别辫迟颈辞苍蝉

Requests for exceptions to this Policy shall be submitted and approved according to the requirements provided in the Cybersecurity Exception Standard.

8.听听Roles and Responsibilities

8.1听听Administrative, Academic, and Business Unit Leadership

8.1.1听听Enforce appropriate cybersecurity controls to:

Protect the privacy of institutional information
Safeguard electronic and derivative information against unauthorized use and modification
Protect information technology resources against unauthorized access, modification, and disruption
Prevent the loss of or damage to institutional information and information technology resources

8.1.2听听Develop and maintain a comprehensive inventory of information technology resources for which they are responsible.

8.1.3听听Provide support, maintenance, and vendor relationship management, either directly, or through negotiated agreements with Enterprise Technology & Services (ET&S), for information technology resources procured from vendors.

8.1.4听听Report all cybersecurity events or incidents to Cybersecurity & Networking.

8.2听听Application Developer/System/Database/Application Administrator

8.2.1听听Ensure appropriate cybersecurity controls are applied during the information technology resource lifecycle.

8.2.2听听Protect, to the extent practical, the information technology resources in their care from natural and human hazards.

8.2.3听听Report all cybersecurity events or incidents to Cybersecurity & Networking.

8.3听听Business Application Owner

8.3.1听听Institute and follow procedures to protect the information technology resources under their control from loss, damage, theft, compromise, and unauthorized access.

8.3.2听听Ensure appropriate access management controls are implemented to reduce the risk of unauthorized access.

8.3.3听听Report all cybersecurity events or incidents to Cybersecurity & Networking.

8.4听听Chief Information Officer (CIO)

8.4.1听听Approve all cybersecurity Policies and Standards.

8.5听听Chief Information Security Officer (CISO)

8.5.1听听Develop and maintain the Cybersecurity Program and all its components, including this policy and all related standards, processes, and procedures.

8.5.2听听Ensure the policies, standards, processes, and procedures supporting the Cybersecurity Program are established in alignment with the framework(s) designated in the Cybersecurity Program.

8.5.3听听Provide access to the standards, processes, and procedures related to this policy in an easily accessible location appropriate for authorized community members.

8.5.4听听Monitor adherence to this policy and all related standards, processes, and procedures.

8.5.5听听Establish the Cybersecurity Risk Management program.

8.5.6听听Provide appropriate cybersecurity awareness training for all 最快开奖直播搅珠结果 community members.

8.5.7听听Institute procedures to inform appropriate 最快开奖直播搅珠结果 community members about applicable laws, regulations, 最快开奖直播搅珠结果 and component institution policies, and contractual obligations.

8.5.8听听Conduct an audit of security controls used to protect institutional information.

8.5.9听听Review and approve exceptions to this policy and related standards.

8.5.10听听The CISO shall establish and maintain an Identity and Access Management program.

8.6听听Information Steward/Data Steward

8.6.1听听Act as the authorizing manager for a designated information asset(s).

8.6.2听听Authorize all access to and use of designated information asset(s).

8.7听听Network听Administrator

8.7.1听听Manage all 最快开奖直播搅珠结果 networks in such a manner that institutional information and information technology resources are safeguarded from interference, unauthorized access, and compromise.

8.7.2听听Manage the wireless spectrum to minimize interference between wireless networks and other devices that use radio frequencies.

8.7.3听听Monitor and enforce compliance with this Policy on all 最快开奖直播搅珠结果 networks.

8.7.4听听Report all cybersecurity events or incidents to Cybersecurity & Networking.

8.8听听Technology Service Owner

8.8.1听听Institute and follow procedures to protect the information technology resources under their control from loss, damage, theft, compromise, and unauthorized access.

8.8.2听听Create a safe environment for the housing and use of information technology resources under their control.

8.8.3听听Report all cybersecurity events or incidents to Cybersecurity & Networking.

8.9听听最快开奖直播搅珠结果 Community Members

8.9.1听听Protect the confidentiality, availability, and integrity of 最快开奖直播搅珠结果 and its component institution鈥檚 information and information technology resources as required by the relevant standard(s).

8.9.2听听Follow processes and procedures provided by Enterprise Technology & Services (ET&S) and the 最快开奖直播搅珠结果 administrative, academic, and business units to ensure compliance with all required cybersecurity controls.

8.9.3听听Complete all assigned cybersecurity training within the required timeframe.

8.9.4听听Request clarification when needed to ensure understanding of responsibilities and requirements for complying with 最快开奖直播搅珠结果 policies and standards.

8.9.5听听Sign confidentiality and data handling agreements as required prior to accessing institutional information and/or information technology resources that require them.

8.9.6听听Adhere to established information handling requirements, respect the privacy of others whose information they have access to, and take appropriate precautions to protect that information from unauthorized disclosure or use.

8.9.7听听Report any suspected, potential, or actual unauthorized disclosure of institutional information per the process identified in the Cybersecurity Incident Response Plan.

8.9.8听听Report all cybersecurity incidents to Cybersecurity & Networking.

8.10听听The 最快开奖直播搅珠结果 President鈥檚 Council

8.10.1听听Oversight of the Cybersecurity Program to ensure 最快开奖直播搅珠结果 has made proper and appropriate preparations to respond to and recover from a Cyber Event.

8.11听听The Identify and Access Management (IAM) Team

8.11.1听听The IAM team has developed a Standard Operating Procedure (SOP) (V1.1, dated 20 March 2023) which contains or addresses network monitoring, log management, and incident management. The SOP is reviewed and updated quarterly.

9. 顿别蹿颈苍颈迟颈辞苍蝉.听Terms used in the 最快开奖直播搅珠结果 Cybersecurity Policies and Standards and not otherwise defined will have the meaning as described in the 听 ().

CONTACT INFORMATION

For 最快开奖直播搅珠结果 community members: Questions about this Policy, requests for additional information or training, or reports of violations can be directed to Cybersecurity Governance, Risk, & Compliance (GRC) via this .

All other requests can be submitted here: .

B. Acceptable Use Policy

1.听 听笔耻谤辫辞蝉别

The information technology resources provided by the 最快开奖直播搅珠结果 (最快开奖直播搅珠结果) and its component institutions support the educational, instructional, research, and administrative activities of the University System and those institutions.听Use of these resources is a privilege that is extended to 最快开奖直播搅珠结果 community members.听Inappropriate or improper use of these shared resources can impede or negatively impact availability for the rest of the community.听As such, all community members are required to behave in a responsible, ethical, and legal manner during that use.

This policy defines acceptable use of information technology resources at 最快开奖直播搅珠结果 and its component institutions and outlines the responsibilities and obligations of community members who are granted access to or use of these resources.听Specifically, this policy supports the following objectives:

Safeguarding the confidentially, availability, integrity, and privacy of institutional information and enterprise information technology resources
Providing a reliable information technology environment for all 最快开奖直播搅珠结果 community members
Guaranteeing use of enterprise information technology resources is consistent with the principles and values that govern use of other 最快开奖直播搅珠结果 and component institution resources (e.g., facilities)
Confirming that enterprise information technology resources are used for their intended purposes

2.听听Scope

This policy applies to anyone who utilizes 最快开奖直播搅珠结果 information technology resources, and all uses of those resources, irrespective of where the resources are being used. This includes students, faculty, staff, contractors, vendors, prior students/alumni, parents, volunteers, and external customers utilizing services provided by 最快开奖直播搅珠结果.

For purposes of this policy only, any individual who is authorized to access or use a 最快开奖直播搅珠结果 or component institution information technology resource is considered a member of the 最快开奖直播搅珠结果 community.

This policy covers the use of all information and information technology resources owned, managed, licensed, or entrusted to 最快开奖直播搅珠结果 or one of its component institutions, regardless of who is providing those resources, how they are being provided, or how they are being accessed.听Referred to throughout this policy as institutional information and 最快开奖直播搅珠结果 information technology resources, this includes, but is not limited to:

Information technology resources administered by Enterprise Technology & Services (ET&S) or contracted vendors
Information technology resources administered or managed by individual administrative, academic, or business units
Institutionally owned endpoint devices
Institutional telecommunication services including voicemail
Personally owned endpoint devices that connect to any 最快开奖直播搅珠结果 network
Devices, regardless of device ownership, that connect to any 最快开奖直播搅珠结果 information technology resource, including students鈥� use of devices

Business Application Owners or Technology Service Owners have the authority to establish more restrictive requirements governing use of those resources in their care. When there are additional use restrictions for a specific information technology resource, individuals who need access to that resource shall be informed of those restrictions, and agree to abide by them, prior to access being granted.

3.听听Audience

This Policy applies to all 最快开奖直播搅珠结果 community members granted access to any 最快开奖直播搅珠结果 information technology resource.

4.听听Policy Statement

4.1听听Information Technology Resources are Shared

4.1.1听听最快开奖直播搅珠结果 provides information technology resources to authorized members of the 最快开奖直播搅珠结果 community and others in support of each 最快开奖直播搅珠结果 component institution鈥檚 mission and the mission of the University System.

4.1.2听听To ensure access to and reliability of this shared resource, 最快开奖直播搅珠结果 and its component institutions shall safeguard the confidentiality, integrity, availability, and privacy of these information technology resources and the institutional information captured, stored, processed, transmitted, or otherwise managed by them.

4.1.3听听最快开奖直播搅珠结果 and component institution policies that govern freedom of expression, discriminatory harassment, and related matters in the context of standard written expression, also govern electronic expression as well. This Policy addresses circumstances that are particular to information technology resources and is intended to augment, but not to supersede, other relevant 最快开奖直播搅珠结果 and component institution policies.

4.2听听Community Member Rights and Responsibilities

4.2.1听听Members of the 最快开奖直播搅珠结果 community shall be provided with the use of information technology resources. While accessing and using these resources, community members shall have a reasonable expectation of:

reliable use of these shared resources
protection from abuse and intrusion by others sharing these resources

4.2.2听听Community members shall be responsible for exercising good judgment in the use of those resources including respecting the rights and privacy of others, respecting the security and integrity of the information technology resources they are given access to, and observing all relevant laws, regulations, contractual obligations, and 最快开奖直播搅珠结果 policies and standards.

4.2.3听听Any suspicious activity related to enterprise or institutional accounts or information technology resources shall be reported immediately according to the Cybersecurity Incident Reporting process.

4.3听听Acceptable Use

4.3.1听听Acceptable Use of information technology resources is always ethical, reflects academic integrity, and shows restraint in the consumption of shared resources.

4.3.2听听It demonstrates respect for intellectual property, ownership of data, information technology resource security, and freedom from intimidation and harassment.

4.3.3听听The following are explicitly defined as acceptable:

4.3.3.1听听Use that supports the administrative, academic, research, outreach, service, and operational mission of 最快开奖直播搅珠结果 and each of its component institutions.

4.3.3.2听听Use of information technology resources for which the community member has been authorized to access and use so long as that use adheres to the intended use of those resources.

4.3.3.3听听Use that protects the intellectual property of others and the rights of copyright holders of music, videos, images, texts, and other media.

4.4听听Prohibited Use

4.4.1听听Use of 最快开奖直播搅珠结果 information technology resources that is illegal, disruptive, or that has the potential to negatively impact other community members or shared information technology resources is prohibited.

4.4.2听听Use that violates a 最快开奖直播搅珠结果 or component institution policy, a contractual obligation, or that subverts the mission of 最快开奖直播搅珠结果, or its component institutions is prohibited.

4.4.3听听Additionally, the following uses of 最快开奖直播搅珠结果 information technology resources are explicitly prohibited:

4.4.3.1听听Unauthorized Use

4.4.3.1.1听听Use or attempted use of any information technology resources without permission.

4.4.3.1.2听听Use of another community member鈥檚 credentials, even if the community member gives their permission.

4.4.3.1.3听听Sharing any password associated with enterprise or component institution credentials in violation of the 最快开奖直播搅珠结果 Password Policy.

4.4.3.1.4听听Allowing or enabling use of 最快开奖直播搅珠结果 information technology resources by any individual or organization that is not affiliated with 最快开奖直播搅珠结果 or one of its component institutions.

4.4.3.2听听Illegal Use

4.4.3.2.1听听Use of 最快开奖直播搅珠结果 information technology resources in violation of civil or criminal law at the federal, state, or local levels or in violation of any regulation.

4.4.3.2.2听听Use of 最快开奖直播搅珠结果 information technology resources to libel, slander, harass, defame, intimidate, or threaten anyone.

4.4.3.2.3听听Use that violates copyright laws through inappropriate reproduction or dissemination of copyrighted material.

4.4.3.3听听Inappropriate Use

4.4.3.3.1听听Use that is inconsistent with the University System's non-profit status.

4.4.3.3.2听听Use of 最快开奖直播搅珠结果 information technology resources for profit and/or commercial use, including non-最快开奖直播搅珠结果 or component institution business purposes.

4.4.3.3.3听听Use for the purpose of lobbying that connotes 最快开奖直播搅珠结果 or component institution involvement in or endorsement of any political candidate or ballot initiative.

4.4.3.3.4听听Attempting to alter or reconfigure any 最快开奖直播搅珠结果 information technology resource without proper authorization.

4.4.3.3.5听听Use that results in the display of obscene, lewd, or sexually harassing images or text in a public area or location that can be in view of others.

4.4.3.4听听Damaging Use

4.4.3.4.1听听Use that damages the integrity of information technology resources, whether they belong to 最快开奖直播搅珠结果 or not.

4.4.3.4.2 Use of information technology resources to gain unauthorized access to networks or other information technology resources, whether they belong to 最快开奖直播搅珠结果 or not.

4.4.3.4.3听听Use that seeks to circumvent, defeat, or attempt to defeat information technology resource security controls.

4.4.3.5听听Disguised Use

4.4.3.5.1听听Use that attempts to alter or obscure the identity of the community member or the identity of an endpoint or other connected device while communicating with any 最快开奖直播搅珠结果 network

4.4.3.5.2听听Masquerading as or impersonating others or otherwise using a false identity without authorization, while accessing and/or utilizing 最快开奖直播搅珠结果 information technology resources.

4.4.3.6听听Disruptive Use

4.4.3.6.1听听Use that impedes, interferes with, impairs, or otherwise causes harm to the activities of other community members (e.g., consumption of excessive bandwidth, distribution of malicious programs, spamming internal distribution lists).

4.4.3.6.2听听Removal of any 最快开奖直播搅珠结果-owned or administered information technology resource from its normal location without authorization.

4.5听听Privacy

4.5.1听听Student educational records stored on or accessible via 最快开奖直播搅珠结果 information technology resources shall only be shared and used in accordance with the Family Educational Rights and Privacy Act of 1974 (FERPA).听Handling requirements for information protected by FERPA are provided in the Protected Information Handling Standard.

4.5.2听听While all 最快开奖直播搅珠结果 community members shall have a reasonable expectation to a certain degree of privacy related to their use of information technology resources provided by 最快开奖直播搅珠结果 and its component institutions, there are specific circumstances under which access to information or information technology resource use for a specific community member shall be authorized for 最快开奖直播搅珠结果 officials, ET&S personnel, law enforcement, other community members, or other external parties.

4.5.3听听Some of those circumstances allow for this access without the knowledge and/or consent of the impacted community member.

4.5.4听听The rules governing when and how that access is granted and to whom it can be granted for allowable circumstances shall be documented in the Access to Password Protected Information Standard.

4.5.5听听ET&S reserves and retains the right to access, affect, and inspect information technology resources, and the information stored within those resources, without the consent of community members, to the extent necessary to manage and administer those resources (e.g., backup and caching of information and communications, the logging of activity, monitoring of general usage patterns, and other activities necessary or convenient for the provision of service).

4.6听听Use of Personally Owned Devices

4.6.1听听最快开奖直播搅珠结果 and its component institutions shall allow community members to connect personally owned devices to 最快开奖直播搅珠结果 networks and to use personally owned endpoint devices to access approved institutional information and 最快开奖直播搅珠结果 information technology resources on-campus or remotely.

4.6.2听听While this is an acceptable use of 最快开奖直播搅珠结果 information technology resources, community members who choose to use personally owned devices to connect to and/or access any 最快开奖直播搅珠结果 information technology resource shall agree to the following:

4.6.2.1听听Connecting to a 最快开奖直播搅珠结果 network with a personally owned endpoint or other device implies consent for 最快开奖直播搅珠结果 and its component institutions to perform security scans on that device while connected to the network.

4.6.2.2听听Any personally owned device connecting to a 最快开奖直播搅珠结果 network must be registered with the appropriate component institution.

4.6.2.3听听Unregistered devices may be blocked from accessing 最快开奖直播搅珠结果 networks or other information technology resources.

4.6.2.4听听All personal endpoint devices connecting to 最快开奖直播搅珠结果 information technology resources must meet the requirements defined in the Endpoint Management Standard.

4.6.2.5听听Personally owned endpoint devices used by 最快开奖直播搅珠结果 employees to conduct 最快开奖直播搅珠结果 or component institution business that are involved in a cybersecurity incident may be searched as part of the internal ET&S investigation or any investigation by law enforcement.

4.6.3听听Although use of personally owned endpoint devices or other devices to connect to or use 最快开奖直播搅珠结果 information technology resources is considered acceptable use, these devices shall not be used to host websites, applications, or services, across any 最快开奖直播搅珠结果 network, for a non-最快开奖直播搅珠结果 or component institution organization, without specific authorization from the Chief Information Security Officer (CISO).

4.7听Personal Use of 最快开奖直播搅珠结果 Information Technology Resources

4.7.1听听Incidental personal use of 最快开奖直播搅珠结果 information technology resources is allowed (e.g., internet access, accessing personal e-mail) as long as it is consistent with this Policy, and any applicable administrative, academic, or business unit policies, procedures, and guidelines, and it does not:

4.7.1.1听听Interfere with the performance of an employee鈥檚 job or other responsibilities.

4.7.1.2听听Consume a disruptive amount of information technology resources.

4.7.1.3听听Violate any other 最快开奖直播搅珠结果 or component institution policies.

4.7.2听听While this is considered an acceptable use, supervisors may impose further limits on use of 最快开奖直播搅珠结果 information technology resources for non-work purposes, in accordance with normal supervisory procedures.

4.8听听Network听Infrastruture

4.8.1听听Unless specifically authorized, by the Chief Information Security Officer (CISO), community members shall not connect networking equipment (e.g., routers, hubs, sniffers) to any 最快开奖直播搅珠结果 network, nor operate network services (e.g., routing, name service, multicast services) on any endpoint or other device attached to a 最快开奖直播搅珠结果 network.

4.8.2听听Community members shall not attempt to modify or tamper with any 最快开奖直播搅珠结果 wired and/or wireless network services nor to extend these information technology resources beyond the limits provided.

4.8.3听听Unauthorized information technology resources connecting or attempting to connect to a 最快开奖直播搅珠结果 network may be denied access, have access terminated, and/or be banned from future access.

4.8.4听听Detailed requirements for obtaining authorization to connect to a 最快开奖直播搅珠结果 network shall be provided in the relevant 最快开奖直播搅珠结果 Standards.

4.9听听Loss of Access to Shared Information Technology Resources

4.9.1听听ET&S may temporarily deactivate or restrict an individual's access to one or more shared information technology resources, even in the absence of a suspected AUP violation, when necessary to preserve the confidentiality, integrity, and/or availability of those and other information technology resources.

4.10听听Acceptable Use Violations

4.10.1听听If a community member observes or is otherwise aware of an alleged violation of this Policy, they should report the matter to the CISO.

4.10.2听听The CISO, based on the details of the alleged violation, may investigate and, if appropriate, refer the matter to the appropriate 最快开奖直播搅珠结果 institution鈥檚 disciplinary authorities as outlined in the Enforcement section below.

4.11听听Policy Maintenance

4.11.1听听This Policy and the related standards shall be reviewed and maintained regularly, but no less than once per year.

5.听听Enforcement

Non-compliant technology and/or activities may be mitigated as deemed necessary by the CISO and/or CIO.

Employees who are members of institutionally recognized bargaining units are covered by the disciplinary provisions set forth in the agreement for their bargaining units.

6.听听贰虫肠别辫迟颈辞苍蝉

Requests for exceptions to this policy shall be submitted and approved according to the requirements provided in the Cybersecurity Exception Standard.

7.听听Roles and Responsibilities

7.1听听Business Application Owners/Technology Service Owners

7.1.1听听Adhere to the rules governing access to specific community member institutional information and/or information technology resources defined in the Access to Password Protected Information Standard.

7.1.2听听When warranted:

7.1.2.1听听Establish more restrictive requirements governing use of information technology resources in their care.

7.1.2.2听听Provide 最快开奖直播搅珠结果 community members with any additional requirements governing use of that specific information technology resource prior to granting access to that resource.

7.1.2.3听听Ensure 最快开奖直播搅珠结果 community members agree to abide by information technology specific requirements before access is granted.

7.2 听 Chief Information Security Officer听(CISO)

7.2.1听听Determine if alleged violations of this policy require investigation or further action.

7.2.2听听Refer violations of this policy, where appropriate, to the relevant 最快开奖直播搅珠结果 institutional disciplinary authority.

7.2.3听听Document issues of clarity within this policy or the related standards raised by 最快开奖直播搅珠结果 community members.

7.2.4听听Ensure issues with this policy raised by 最快开奖直播搅珠结果 community members are resolved in a timely manner through revision of this policy and the related standards, if needed.

7.2.5听听Ensure this policy and related standards are reviewed and maintained regularly, but no less than once per year.

7.3听听最快开奖直播搅珠结果 Community Members

7.3.1听听Observe all relevant laws, regulations, contractual obligations, and 最快开奖直播搅珠结果 policies and standards in relation to their access and use of 最快开奖直播搅珠结果 and component institution information technology resources.

7.3.2听听Exercise good judgement in the use of 最快开奖直播搅珠结果 information technology resources.

7.3.3听听Respect the rights and privacy of other community members.

7.3.4听听Respect the security and integrity of 最快开奖直播搅珠结果 information technology resources.

7.3.5听听Protect all enterprise and component institution credentials (username and password) issued to them.

7.3.6听听Report any suspicious activity related to enterprise or institutional accounts or information technology resources immediately according to the Cybersecurity Incident Reporting process.

7.3.7听听Avoid engaging in any prohibited use of information technology resources including the connection of networking equipment to any 最快开奖直播搅珠结果 network and modification or tampering with any 最快开奖直播搅珠结果 network service.

7.3.8听听Understand the ramifications of using a personally owned endpoint or other device to access 最快开奖直播搅珠结果 information technology resources.

7.3.9听听Report alleged violations of this policy to the CISO.

7.4听听Enterprise Technology & Service听(ET&S)

7.4.1听听Provide information technology resources in support of 最快开奖直播搅珠结果 and component institution missions and objectives.

7.4.2听听Safeguard the confidentiality, integrity, availability, and privacy of institutional information and 最快开奖直播搅珠结果 information technology resources.

7.4.3听听Cooperate, upon the advice of the 最快开奖直播搅珠结果 General Counsel鈥檚 Office (GCO), with any local, state, or federal investigation involving or pertaining to use of institutional information or 最快开奖直播搅珠结果 information technology resources.

7.4.4听听Adhere to the rules governing access to specific community member institutional information and/or information technology resources defined in the Access to Password Protected Information Standard.

8.听听Definitions

See the ET&S Cybersecurity Policy & Standard Glossary for full definitions of each term.

Acceptable Use
Anti-virus
Authorization
Availability
Business Application Owner
Chief Information Security Officer
Confidentiality
Copyright
Credentials
Cybersecurity Incident
Encryption
Endpoint Device
Exception
Information Technology Resource
Information
Institutional Information
Integrity
Intellectual Property
Password
Personally Owned Device
Policy
Privacy
Prohibited Use
Standard
Technology Service Owner
Username
最快开奖直播搅珠结果 Community Member
Vulnerability

CONTACT INFORMATION

All other requests can be submitted here: .

C. Information Classification Policy

1.听听笔耻谤辫辞蝉别

This policy informs all 最快开奖直播搅珠结果 (最快开奖直播搅珠结果) community members of their responsibilities related to maintaining the privacy and security of institutional information.听To effectively safeguard institutional information, the 最快开奖直播搅珠结果 community must have a shared understanding of what needs to be protected and what kind of protection is required for different types of institutional information.

To facilitate that shared understanding, this Policy establishes a model for the classification of institutional information that defines each classification and provides examples of the kind of information associated with each classification.听This model shall be used by all 最快开奖直播搅珠结果 institutions to classify information.听The classifications defined here form the foundation for any other policies or standards pertaining to the protection of information.

This policy and the related Information Handling Standards define the minimum requirements for each information classification tier.

2.听听Scope

This policy applies to all institutional information, regardless of storage format (e.g. data/digital, paper).

3.听听Audience

All 最快开奖直播搅珠结果 community members should understand this policy and how it applies to the institutional information they access and use.

4.听听Policy Statement

All 最快开奖直播搅珠结果 and component institution information shall be protected appropriately based on the classification of that information.听Institutional information shall only be shared between, and released to, authorized parties when there is a need to know, and as necessary, to execute job-related duties in alignment with established information handling standards.

4.1听听Classification Structure

To facilitate the development and communication of clear standards, processes, and procedures for implementing the appropriate security controls for each type of institutional information, the Information Classification Model is separated into distinct tiers.听Each tier in the model encompasses specific types of institutional information which require that level of protection.

4.2听听Tier 4 - Restricted Information

4.2.1听听Information is restricted if protection is:

legally defined
required by federal and/or state law (excluding FERPA)
required by contract or industry standard

4.2.2听听Additionally, information can be designated as Restricted by the data steward of that information.

4.2.3听听If compromised or exposed, Restricted information could result in significant institutional cost, harm to institutional reputation, and/or unacceptable disruption of the institution鈥檚 ability to meet its mission.

4.2.4听听Examples of Restricted Information

4.2.4.1听听SSNs and other personally identifiable information as defined by state of NH reporting requirements

4.2.4.2听听Electronic Protected Health Information (ePHI) or non-electronic Protected Health Information (PHI) as defined by HIPAA

4.2.4.3听听Research information that contractually requires specific security or privacy controls

4.2.4.4听听Information protected by PCI-DSS

4.2.4.5听听Information protected by FMLA and GLBA

4.2.4.6听听Information protected through "Affirmative Action" and/or "disability regulation"

4.2.4.7听听Information technology infrastructure, design, security, and authentication stores

4.3听听Tier 3 - Protected Information

4.3.1听听Information is protected if privacy controls are required by regulation or law but required protections do not rise to the level of those mandated for Restricted Information.

4.3.2听听If compromised or exposed, protected information may result in serious institutional cost, harm to institutional reputation, and/or unacceptable disruption of the institution鈥檚 ability to meet its mission.

4.3.3听听Examples of Protected Information

4.3.3.1听听Information protected by FERPA

4.3.3.2听听Library information

4.3.3.3听听Research information that requires protection by contract

4.4听听Tier 2 - Sensitive Information

4.4.1听听Information is sensitive if controlled access is required by institutional policy, by the data steward, by contract, for ethical reasons, and/or if it is at high risk of damage or inappropriate access.

4.4.2听听It includes information which, if compromised, could result in high institutional cost, harm to clients, harm to institutional reputation or unacceptable disruption of the institution鈥檚 ability to meet its mission.

4.4.3听听It includes other information explicitly identified as requiring controlled access, but that does not require the level of protection dictated in the higher tiers.听Any institutional information that has not been designated as falling under another tier shall be considered sensitive.

4.4.4听听Examples of Sensitive Information

4.4.4.1听听Directory information as defined by the institution or by regulation

4.4.4.2听听Intellectual property

4.4.4.3听听Fundraising data

4.5听听Tier 1 - Public Information

4.5.1听听Information is public if it is explicitly identified as public by the data steward responsible for that information. It includes information that may be provided to anyone without any further oversight.

4.5.2听听Examples of Public Information

4.5.2.1听听Contact information of employees that is approved for publication in the public directory

4.5.2.2听听Campus map that has been explicitly approved for public display

4.5.2.3听听Academic calendar that has been explicitly approved for public display

4.6听听Information Handling Requirements

4.6.1听听With the input, oversight, and approval of the institutional data stewards, Cybersecurity & Networking shall be responsible for the development, publication, and maintenance of Standards defining the required security controls for each of the defined tiers.

4.6.2听听Administrative, academic, and business units shall be responsible for the development and maintenance of clear and consistent information handling procedures, aligned with those Standards, in support of operations and business processes that involve the collection, access, use, processing, storage, or transmission of institutional information.

4.7听听Clarification on Classification

4.7.1听听While designated Data Stewards at each institution are responsible for determining the appropriate classification for the information under their stewardship, Cybersecurity & Networking is the central point of contact for questions about or clarification on the appropriate classification of a specific type of information or data element and for the required security controls for each classification.

5.听听Enforcement

Non-compliant technology and/or activities may be mitigated as deemed necessary by the Chief Information Officer and/or Chief Information Security Officer.

Employees who are members of institutionally recognized bargaining units are covered by the disciplinary provisions set forth in the agreement for their bargaining units.

6.听听贰虫肠别辫迟颈辞苍蝉

Requests for exceptions to this policy shall be submitted and approved according to the requirements provided in the 最快开奖直播搅珠结果 Cybersecurity Exception Standard.

7.听听Roles and Responsibilities

7.1听听Administrative, Academic, and Business Units

7.1.1听听Develop and maintain clear and consistent information handling procedures, aligned with the published Information Handling Standards, in support of operations and business processes that involve the collection, access, use, processing, storage, or transmission of institutional information.

7.2听听Cybersecurity & Networking

7.2.1听听Develop standards defining required security controls for each Classification Tier defined in this Policy.

7.2.2听听Provide guidance to 最快开奖直播搅珠结果 community members on the Information Classification Model.

7.3听听Data/Information Stewards

7.3.1听听Determine the appropriate classification for each type of information under their purview.

7.4听听最快开奖直播搅珠结果 Community Members

7.4.1听听Understand the classification of all institutional information with which they interact.

8.听听Definitions

See the ET&S Policy & Standard Glossary for full definitions of each term.

Chief Information Officer (CIO)
Chief Information Security Officer (CISO)
Data/Information Steward
Exception
FERPA
GLBA
HIPAA
Information
Institutional Information
PCI-DSS
Policy
Procedure
Protected Information
Public Information
Restricted Information
Security Control
Sensitive Information
Standard
最快开奖直播搅珠结果 Community Member

CONTACT INFORMATION

All other requests can be submitted here: .

D. Password Policy

1.听听笔耻谤辫辞蝉别

The purpose of this policy is to establish the requirements for the proper construction, usage, handling, and maintenance of all passwords at all 最快开奖直播搅珠结果 (最快开奖直播搅珠结果) institutions.听These requirements ensure consistent application of security controls necessary to safeguard the information and information technology resources of 最快开奖直播搅珠结果 and its component institutions.听最快开奖直播搅珠结果 aligns itself with best practices from such organizations as National Institute for Standards and Technology (NIST) and Center for Internet Security (CIS).

2.听听Scope

This policy applies to all passwords used to authenticate to 最快开奖直播搅珠结果 information technology resources or any information technology resource that stores non-public 最快开奖直播搅珠结果 data.

It does not apply to the following types of passwords, the requirements for each are defined elsewhere:

Service Account Passwords - defined as passwords used by an information technology resource to contact or interface another information technology resource
UNH Parent Portal Account Passwords

3.听听Audience

All 最快开奖直播搅珠结果 community members with access to institutional information or information technology resources should be familiar with this Policy and their responsibilities for complying with the requirements it defines.

4.听听Policy Statement

4.1听听Password Change Frequency

4.1.1听听All passwords associated with 最快开奖直播搅珠结果 accounts shall be changed annually with the following exceptions:

System Administrator Accounts (every six months)
All non-primary identity accounts accessed by employees with privileged access shall have passwords changed upon departure of employee.

4.1.2听听最快开奖直播搅珠结果 community members shall be notified of the need to change their password, prior to the password鈥檚 expiration date.

4.1.3听听最快开奖直播搅珠结果 community members with expired passwords shall be restricted from accessing 最快开奖直播搅珠结果 information technology resources.

4.2听听Password Construction

4.2.1听听Passwords shall:

Be between 14 and 64 characters in length
Be sufficiently different from previous passwords
Contain a minimum of 5 unique characters

4.2.2听听Passwords shall not:

include the user鈥檚 first, last, or preferred name, the user鈥檚最快开奖直播搅珠结果 username (e.g., abc1234), or the user鈥檚最快开奖直播搅珠结果 ID (e.g., 991122334)
be re-used
contain number or character sequences of 4 or more (e.g., abcd, 6789, sTuV)
contain characters repeated 4 or more times sequentially (e.g., bbbb, 8888, TttT, &&&&)

4.2.3听听Known compromised or commonly used weak passwords are disallowed.

4.3听听Password Usage

4.3.1听听Passwords used for 最快开奖直播搅珠结果 purposes shall not be used for purposes outside of 最快开奖直播搅珠结果 including, but not limited to personal banking, Amazon, Netflix, etc.

4.3.2听听Passwords used for accessing 最快开奖直播搅珠结果 information technology resources that require local application accounts for authentication shall not be the same as the community member鈥檚最快开奖直播搅珠结果 password.

Local application accounts are accounts for official university applications that do not use 最快开奖直播搅珠结果 credentials听
Examples: Salesforce, 最快开奖直播搅珠结果 Benefits

4.4听听Password Handling

4.4.1听听Passwords shall:

Be treated as sensitive, confidential information
Not be shared with anyone, including administrative assistants or supervisors
Not be written down or stored on-line in clear text
Not be shared in email, chat, or other electronic communication
Not be spoken aloud

4.4.2听听Administrators of information technology resources who need to provide passwords to other administrators may use communication mechanisms for providing those passwords that are approved by Cybersecurity & Networking.

4.4.3听听最快开奖直播搅珠结果 community members shall not use the "Remember Password" feature of web browsers to store 最快开奖直播搅珠结果 passwords.

4.4.4听听Forgotten passwords shall be reset using 最快开奖直播搅珠结果 approved automated mechanisms.

4.4.5听听最快开奖直播搅珠结果 community members with forgotten passwords who are unable to reset their password using automated mechanisms shall provide verification of identity via the approved 最快开奖直播搅珠结果 process.

4.4.6听听Default passwords on all information system components, peripherals, and Internet of Things (IoT) devices shall be changed to passwords that meet the minimum requirements outlined in this Policy prior to installation or deployment.

4.4.7听听Members of 最快开奖直播搅珠结果 Enterprise Technology & Services (ET&S) shall never ask users to provide their password for any 最快开奖直播搅珠结果 account.

4.5听听Compromised Passwords

4.5.1听听最快开奖直播搅珠结果 community members who believe their password has been compromised shall notify their local Help Desk immediately.

4.5.2听听If 最快开奖直播搅珠结果 has reason to believe a community member鈥檚 password has been compromised, the community member鈥檚 access may be revoked, without notification, until the community member鈥檚 identity can be verified, and their password can be reset.

4.5.3听听最快开奖直播搅珠结果 community members with potentially compromised passwords shall provide verification of their identity and set a new password to regain access to 最快开奖直播搅珠结果 information technology resources.

5.听听Enforcement

Failure to comply with this policy puts the University System, its component institutions, and its information and information technology resources at risk and may result in disciplinary action.听Disciplinary procedures will be appropriate for the individual responsible for non-compliance (e.g., students, faculty, staff, vendors) as outlined in the relevant institutional regulations for that individual (e.g., student conduct and/or applicable personnel policies).
Non-compliant technology and/or activities may be mitigated as deemed necessary by the 最快开奖直播搅珠结果 CISO and/or CIO.
Employees who are members of institutionally recognized bargaining units are covered by the disciplinary provisions set forth in the agreement for their bargaining units.

Contractors or vendors that fail to comply with this policy may be in violation of their contract with 最快开奖直播搅珠结果 and risk penalties up to contract termination.

6.听 听贰虫肠别辫迟颈辞苍蝉

Requests for exceptions to this policy shall be submitted and approved according to the requirements provided in the 最快开奖直播搅珠结果 Cybersecurity Exception Standard.

7.听听Roles and听Responsibilities

Application Administrators
- Ensure local application accounts, including those used to administer applications and those enabling community member access, follow all requirements defined in this policy.
Chief Information Security Officer (CISO)
- Enforce this policy and related standards
- Review this policy annually
Enterprise Technology & Services (ET&S)
- Send expiring password notifications to 最快开奖直播搅珠结果 community members
- Disable accounts with expired passwords per the 最快开奖直播搅珠结果 Password Management Standard
最快开奖直播搅珠结果 Community Members
- Comply with all restrictions and requirements outlined in this Policy when selecting passwords for use at 最快开奖直播搅珠结果
- Maintain the confidentiality of 最快开奖直播搅珠结果 passwords
- Use unique passwords on every account (e.g., do not use your 最快开奖直播搅珠结果 password for other accounts)
- Report all cybersecurity events or incidents to Cybersecurity & Networking.听 or example, a 最快开奖直播搅珠结果 password that suddenly stops working without being changed by its owner would be considered a cybersecurity event.

8.听听Definitions

Access
Account
Administrator
Authentication
Compromised Account
Confidentiality
Cybersecurity/Information Security
Cybersecurity Incident
贰虫肠别辫迟颈辞苍听
Identity
Information
Information Technology Resource听
Institutional Information
Internet of Things (IoT)
Non-Primary Identity
Password
Policy
Privileged Access
Security Control
Standard
鲍蝉别谤苍补尘别听
最快开奖直播搅珠结果 Community Member
最快开奖直播搅珠结果 ID

CONTACT INFORMATION

For 最快开奖直播搅珠结果 community members: Questions about this Policy, requests for additional information or training, or reports of violations can be directed to 最快开奖直播搅珠结果 Cybersecurity Governance, Risk, & Compliance (GRC) via this .

All other requests can be submitted here: .
听

E. Privacy Policy

Our Commitment to Privacy

Your privacy is important to us. To better protect your privacy, we provide this policy explaining our websites information practices and the choices you can make about the way your information is collected and used. To make this policy easy to find, we make it available on our homepage and at every point where personally identifiable information may be requested. This policy applies to all information collected or submitted on 最快开奖直播搅珠结果 (最快开奖直播搅珠结果) websites or mobile applications. By using 最快开奖直播搅珠结果 websites, you are consenting to our collection and use of information in accordance with this Privacy Policy.

International Visitors

最快开奖直播搅珠结果 is located in the United States (State of New Hampshire). By providing information to 最快开奖直播搅珠结果, you are transferring your personal data to the United States. If you are providing personal information and are not a resident of the United States, your country鈥檚 laws governing data collection and use may differ from those in the United States.听

The Information We Collect

Personal Information

最快开奖直播搅珠结果 collects personal information about you through our websites and mobile applications only when you voluntarily submit your information to us.

"Personal information" is any information that can be used to identify you or that may be linked to you. This information is commonly limited to the information found in a public directory, such as first name, last name, postal address, email address, and phone number.听

Certain 最快开奖直播搅珠结果 websites allow individuals to create and maintain individualized accounts. Where these sites are concerned, users have the responsibility of maintaining the confidentiality of their accounts and passwords, and for restricting access to their computers. Users agree to accept responsibility and repercussions for all activities that originate from their accounts.

Log Files

最快开奖直播搅珠结果 and our third-party vendors may automatically collect certain information regarding your use of our websites, devices and applications. Information collected includes:

Your session and the pages you visit;听
Network device addresses such as IP address;
Cybersecurity Metadata such as vulnerability data, patch levels and malware data;
Date and time of access;
Operating system of the device through which you access 最快开奖直播搅珠结果 websites;
Browser type and version, the monitor screen size and color depth and other plugin and program information as sent by your browser.

The generic information we collect is based on IP address, which is the location of a computer or network.听 We may use or disclose your IP address and data connection-specific information, to help us diagnose problems with our servers and network, and to administer our websites by identifying (1) which parts of our sites are most heavily used, and (2) where our audience comes from, from both within and outside the 最快开奖直播搅珠结果 data networks.听 In addition, generic information collected during your visit can be associated with you, if 1) you choose to provide your personal information during your visit, 2) for marketing and development purposes, 3) it is necessary to do so to investigate an cybersecurity incident, and/or 4) we are required to do so by law or court order.

Mobile Applications

When you install mobile applications with the publisher name 鈥淯niversity of New Hampshire,鈥� 鈥淜eene State College,鈥� 鈥淧lymouth State University鈥� or 鈥淕ranite State College鈥�, the application may ask for permission to use or access:

GPS services

Push notifications听

Camera

The general information described above may be aggregated with the general information of all site visitors to identify and improve how our websites or applications are used. In turn, we may share this aggregate information about our site with partners or the general public. Aggregate data does not contain any information that could be used to contact or identify you.

Web Analytics

Some 最快开奖直播搅珠结果 websites and mobile applications (鈥渁pps鈥�) use Google Analytics, a service provided by Google, Inc. Google Analytics places a cookie on your computer or a code embedded in the mobile application to analyze how you use the site or app. The information generated by the cookie is transmitted to and stored by Google on its servers. Google uses this information to compile reports on website and mobile activity, and then the university site and application owners use that information to improve their sites and apps. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. Google does not associate your IP address with any other data held by Google.

Cookies

Cookies are small files that are stored on your computer (unless you block them). We use cookies to understand and save your preferences for future visits and compile aggregate data about site traffic and site interaction so that we can offer better site experiences and tools in the future. You may disable cookies by selecting the appropriate settings in your browser or you can opt out of the collection and use of this information; however, this may prevent you from experiencing the full functionality of our websites.

Other Sources

最快开奖直播搅珠结果 may receive information about you from other sources, including third parties, that help us update, expand, and analyze our records, identify new customers, or prevent or detect fraud. 最快开奖直播搅珠结果 may also receive information about you from social media platforms, including but not limited to, when you access our social media content or interact with us on these platforms. The information we may receive is governed by the privacy settings, policies, and/or procedures of the applicable social media platform; therefore, we encourage you to review them.

How We Use Collected Information

最快开奖直播搅珠结果 may use the information we collect:

To respond to your inquiries;
To provide services or materials you request;
To operate and understand how services are utilized;
To maintain our contact list(s);
For marketing and development purposes;
To provide business services for which the information is intended;
To assess the effectiveness of our events, campaigns, and publications;
For information processing that is reasonably appropriate or necessary within our legal obligations.

On some pages, you can request information, make requests, and register to receive materials or make recommendations about other people. We use the personal information you provide when placing a request to complete that request to the best of our ability. We use return email addresses to answer the email we receive. Such addresses may be used to communicate further with you for internal marketing and development purposes.听 You can choose to opt out of receiving marketing communications from us by 鈥渦nsubscribing鈥� using the instructions in any marketing email you receive from us.听

We process your Personal Information for the purposes described above to facilitate transactions requested by you and to meet our contractual obligations (for example, registering you for events); on the basis of our legitimate interests (for example, website analytics); or on the basis of your consent, where applicable.

How We Share Collected Information

We do not share this information with outside parties except for the following limited purposes:

When we have your consent to share the information;
To the extent necessary to complete your request;
To verify (or match) information about you from other sources;
With 最快开奖直播搅珠结果 school officials and administration;
In response to subpoenas, court orders, or legal processes;
As we deem necessary to protect the legitimate interests, rights, safety or property of the 最快开奖直播搅珠结果 and its component institutions.

Finally, we never use or share the personally identifiable information provided to us online in ways unrelated to the ones described above. If we are required to disclose information by law or court order, we will make reasonable efforts to notify any affected parties in advance.

Internet-Based Advertisements

We use tools such as Google Adwords to remarket to individuals who visit our program and promotional pages. Third-party vendors, such as Google, show our ads on sites across the internet, and in some cases, use cookies to serve ads based on someone's past visits to our website. You can opt out of Google's use of cookies by visiting Google's . You can also opt out of all third-party vendor use of cookies by visiting the .

Our Commitment to Data Security

To prevent unauthorized access, maintain data accuracy, and ensure the correct use of information, we have put in place appropriate physical, electronic, and managerial procedures to safeguard and secure the information we collect online.

Our Commitment to Children's Privacy

We are committed to protecting the privacy of the very young. While our websites are generally not directed at or intended to attract visitors under age 13, our institutions do run certain programs for children for which online registration or participation is available. For those activities, the following additional Children's Privacy Policy supplements this 最快开奖直播搅珠结果 Privacy Policy.

Children's Privacy

We recognize the need to provide additional privacy protections when information is collected from or about children under the age of 13. The following guidelines apply to activities (including but not limited to on-campus camps or lessons for children and online activities designed for children), in addition to our general Privacy Policy. These rules follow the Children's Online Privacy Protection Act (COPPA).

Information We May Collect

We may collect the following information about a child who will participate in a 最快开奖直播搅珠结果-administered youth activity:

Name
E-mail address
Street address
Date of birth (to ensure enrollment in age-appropriate activities)

Depending upon the activities in which your child chooses to participate, your child may be asked or choose to provide additional information. We do not require a person to disclose more information than is reasonably necessary to participate in an activity.

How We Use the Information

We use the information about your child to register your child for a 最快开奖直播搅珠结果 event and to insure appropriate content and safety for participants. 最快开奖直播搅珠结果 and its institutions will not disclose a child's information to any third party without parental authorization, except as may otherwise be required by law.

Parent/Guardian Consent

We will not collect or store online information from or about a child under age 13 until we have received a parent's or guardian's verified consent.

Parents or Guardians may review their child's personal information in our online databases; correct factual inaccuracies in the information collected about their child; refuse to permit us to collect further personal information from their child; and ask that information be deleted from our online records. Appropriate contact information for parents will be provided on every webpage promoting or permitting activities by children under age 13.

COPPA Notice Template

A is provided for use by the institutions of 最快开奖直播搅珠结果.

Questions Regarding this Privacy Policy

If you have questions about the data we collect, how that data is used, or this privacy policy in general, please contact the appropriate 最快开奖直播搅珠结果 Institution:

Granite State College: gsc.help@granite.edu or 1-888-372-4270
Keene State College: helpdesk@keene.edu or 1-603-358-2532
Plymouth State University:听 helpdesk@plymouth.edu or 1-603-535-2929
University of New Hampshire: IT.Security@unh.edu听
University System of NH (最快开奖直播搅珠结果): 最快开奖直播搅珠结果.desktop.support@usnh.edu

External Links

Some 最快开奖直播搅珠结果 websites may contain links to external websites not owned by, or officially affiliated with, 最快开奖直播搅珠结果 in any way. 最快开奖直播搅珠结果 is not responsible for the privacy practices or the content of such websites.

Changes to this Policy

We reserve the right to change, modify, add or remove portions of our privacy statements at any time. Any such amendments will be noted on this page, so please visit periodically to view current statements.

最快开奖直播搅珠结果