Standards

Showing: All results

Access Control Standard

This standard and associated guidance establishes a university set of standards for information technology to maximize the functionality, security, and interoperability of the information technology assets, including, but not limited to, data classification and management, communications, and encryption technologies.

Control Zone Standard

This standard and associated guidance outline the control zones that have been defined in the WashU network for identified information security controls to be effectively applied within the zones to protect information.

Digital Certificate Standard

This standard and associated guidance will provide a well-defined and organized approach for any IT infrastructure containing a digital certificate.

Encryption Standard

This standard and associated guidance will provide the requirements to protecting the integrity and confidentiality of WashU information – at rest and in motion – stored, transmitted, transferred to portable media, and sent through messaging systems to entities outside of WashU.

End of Support Standard

This standard and associated guidance provides organized approach for managing assets nearing end of support in the WashU environment.

Infrastructure Standard

This standard and associated guidance establishes an organized approach for applying standards and controls for workstations, servers, and peripheral devices connecting to all segments of the WashU network to ensure security of the information that is stored, processed, or transmitted and to maintain compliance with the state, local, and federal regulations.

Media Protection Standard

This standard and associated guidance provide requirements to protect WashU information and the systems accessing and/or storing the information based on the information classification scheme. Following the appropriate processes and controls when media is labelled, used, transported, reused, and/or disposed will reduce the risk of information to unauthorized individuals.

Network Security Standard

This standard and associated guidance are meant to provide to the computing community of WashU directives to help ensure the protection and the privacy of information, protection of information against unauthorized modification or disclosure, protection of systems against denial of service, and protection of systems against unauthorized access. It is intended to protect the integrity of the network and mitigate the risks and losses associated with external and internal threats.

System Classification Standard

This standard and associated guidance establishes system classification based on the information the system will access or store.

VPN Standard

The purpose of this standard and associated guidance is to provide the minimum requirements for Virtual Private Network (VPN) connections to HIGH trust networks.

Vulnerability Management Standard

This document describes the process to find and fix vulnerabilities before criminals can exploit them.

Wireless Standard

This objective of this standard and associated guidance is to secure and protect the wireless network and WashU information assets. These resources are a privilege and will be managed responsibly to maintain the confidentiality, integrity, and availability of all information assets.