Information Security Policies and Standards

Know your rights and responsibilities concerning the proper and ethical use of technology on campus by reading the policies, standards and guidelines set down by federal, state and UCF policymakers on our IT Policies, Security Standards and Guidelines page.

University Policies

University-wide policies, including those relating to IT, security, and compliance, can be found at https://policies.ucf.edu/

Security Standards

101 Multi-Function Device (MFD) Standards

STANDARDS STATEMENT:

All who have access to a networked university Multi-Function Device (MFD) are responsible for ensuring the overall security of the data and documents it processes. Members of the university using or administering MFDs should comply with the Data Classification and Protection policy (4-008) and the standards set forth in this document.

101 Multi-Function Device (MFD) Standards

102 Workstation and Mobile Device Security Standards

STANDARDS STATEMENT:

The purpose of this document is to establish minimum security standards that should be applied to all university workstations and mobile devices in order to maintain the confidentiality, integrity, and availability of university information systems. All security controls should be proportional to the data processed by the system. The following controls are recommended for all systems; however, controls denoted with an 'X' are required.
Any exception to the standards must be documented and approved by the Information Security Office in advance.

103 Server Security Standards

STANDARDS STATEMENT:

The purpose of this document is to establish minimum security standards that should be applied to all university servers in order to maintain the confidentiality, integrity, and availability of university information systems. All security controls should be proportional to the data processed by the system. The following controls are recommended for all systems; however, controls denoted with an 'X' are required.
Any exception to the standards must be documented and approved by the Information Security Office in advance.

107 System Banner Standards

STANDARDS STATEMENT:

System banners are critical for informing potential users of a system of the terms, advisories, and consents under which they agree to use the system. These can include university policies and regulations as well as state and national laws. Further, banners indicate users' consent to monitoring of their usage. Finally, they outline possible consequences of violations and other unacceptable use. The UCF Information Security Office has developed the following statements to meet this need.

107 System Banner Standards

 

152 Network Security Zones

The Network Zones Classification outlines a simple way to classify network zones (e.g. subnets, segments, and VLANs) at UCF based on the types of systems within them.

Such a classification allows for the general description of the network standards (including network security controls) that apply to each zone, such as the degree to which each zone can connect to other zones within the UCF network, and the level of internet connectivity intended for each zone.

See below for a graphical representation of the standard.

152 Network Zones Classification Standards Diagram

501 Password Standards

STANDARDS STATEMENT:

Passwords are the most frequently utilized form of authentication for accessing a computing resource. Due to the use of weak passwords, the proliferation of automated password-cracking programs, and the activity of malicious hackers and spammers, they are very often also the weakest link in securing data. Greater risks require a heightened level of protection. Passwords must therefore follow these standards.

501 Password Standards

702 TLS / SSL Standards

The purpose of this standard is to define how TLS certificates (commonly known as SSL certificates), protocols, and cipher suites are to be configured to confirm identity, secure communications between devices via encryption in transit, and ensure the integrity and confidentiality of transmissions for Information Technology (IT) services provided by the University of Central Florida.

702 TLS - SSL Security Standards

Standards Open for Review

The Information Security Office posts drafts of standards, either new standards or revisions of existing ones, for review by the IT community at UCF. You can find all of the Security Standards currently open for review here (redirects to SharePoint).

State and Federal Policies and Guidelines

  • Florida Computer Crimes Act
    Computer users shall comply with all applicable user conduct codes and rules, laws, and regulations governing the use of computer and telecommunications resources under Chapter 815, Florida Statutes, Computer Crimes Act.
  • The United States Code
    A current copy of the US Code, for looking up a specific federal law.
  • FERPA
    Family Educational Rights and Privacy Act.
  • DMCA
    Digital Millennium Copyright Act contains legislation concerning the circumvention of copyright protection systems, fair use in a digital environment, and online service provider liability.
  • HIPAA
    The Health Information Portability and Accountability Act.

 


Request further information or send your feedback to infosec@ucf.edu.