The Information Security Office (ISO) has provided security guidance to shared services to provide safe and secure computing to the community of educators, researchers, clinicians, etc. Given the multiple classifications of information within the community, the need to handle that information within the offered services and to make it safely available to those who need it resulted in a network restructuring known as “One Campus”.
The “One Campus” design presents a shift in the protection responsibilities for the required and necessary controls. As threats emerge and risks are identified, the design lends itself to the application of controls without impacting other networks that present less risk. Information and assets are to be grouped together based on their functions and the information they use.
The recommendation to divide or segment the enterprise network into secure network segments or “Trust Zones” is a step to create a secure layered network infrastructure that is consistent with moving security controls closer to the data that they are intended to protect.
The concept of Trust Zones is a widely accepted IT industry best practice for establishing security boundaries, control points and accountabilities. A Trust Zone is a logical entity containing one or more types of services or entities. Trust Zones group together those entities with similar security requirements and levels of risk. Further segmentation within the Zones may be supported to allow each service and business program the level of security isolation it requires.
Multiple zones are required for the protection of IT assets and information. The zones coincide with the different classes of information (Protected, Confidential and Public), and the class is used to place the information into the appropriate zone. Controls within the zones are important, since weaknesses and vulnerabilities can be exploited at each one to affect the confidentiality, integrity, or availability of the information.
All Washington University Networks except those designated by ISO and WashU Information Technology Networking
Roles and Responsibilities
The ISO will classify departments and school personnel, groups and resources into the applicable zones based on information access and usage.
WashU Information Technology will run the discovery process to ascertain the necessary information required to classify and implement the minimal controls and access.
WashU Information Technology EUS/School IT staff will implement the minimal controls on the endpoints.
WashU Information Technology Networking will provision the applicable access into and out of the control zones.
All university networks will be placed into the “One Campus” network design with the required minimal controls for control zones designated as High, Moderate and Low. All other networks will be designated as un-trusted.
All exceptions to this policy are to be escalated to the CIO and CISO for review and consideration of alternatives.
Information Classification Policy
System Classification Standard
Control Zone Standards
Minimal Control Zone Standards
Title: One Campus Security Posture Policy
Version Number: 1.0
Creation Date: 10/03/2018
Approval Date: 11/15/2018
Applicability: WashU Networks
Reference Number: 02.10
Policy Owner: WashU Information Technology