• I. Overview
• II. Policy Statement
• III. Rationale
• IV. Audience
• V. Procedures
  • 1. Information Resources Security Responsibility and Accountability
  • 2. Acceptable Use
  • 3. Account Management
  • 4. Administrative/Special Access
  • 5. Backup Recovery of Systems and Data
  • 6. Change Management
  • 7. Computer Virus Protection
  • 8. Classification of Sensitive (Category-I) Digital Data
  • 9. Risk Management
  • 10. Reduction of Use and Collection of Social Security Numbers
  • 11. Management of Sensitive Digital Data
  • 12. Electronic Mail (E-mail)
  • 13. Incident Management
  • 14. Internet Use
  • 15. Information Services Privacy
  • 16. Network Access
  • 17. Network Configuration
  • 18. Passwords
  • 19. Physical Access
  • 20. Portable Computing and Remote Access
  • 21. Security Monitoring
  • 22. Security Training
  • 23. System Hardening
  • 24. Software Licensing
  • 25. Secure Development and Administration
  • 26. Vendor Access
  • 27. Right to Monitor
  • 28. Disciplinary Actions
• VI. Implementation
• VII. Appendix
• VIII. Definitions

Information Resources Use and Security Policy

23. System Hardening

Systems are used to process and transmit information and services throughout the university. Information and services must be processed and transmitted securely and reliably to assure that data confidentiality, integrity, and availability are preserved.