IT Security Standards
University Computer Security Standards
The Ohio State University data network is a shared resource used by the entire university community and its affiliates in support of the university’s business practices and academic missions. Access to the data network is both an essential tool for university life and work and a valuable privilege. University units and community members must cooperate to protect the network by securing computer and network devices in order to preserve that access.
The Chief Information Officer (OCIO) is responsible for the efficient, effective and secure operation of the university data network. Concurrently, academic, administrative and support units are responsible for the efficient, effective and secure operation of their local networks.
The University Computer Security Standard (UCSS) is designed to help protect the university’s central and distributed telecommunications and computing environment from accidental or intentional damage and from alteration or theft of data while preserving university community members’ appropriate access and use.
The UCSS is comprised of multiple standards that include:
Requires computers to use firewall software, have current software, anti-malware software and have a user name and password
Defines specific mandatory requirements for servers that have been deemed critical
Defines specific mandatory requirements for web servers that have been deemed critical
Defines specific mandatory requirements for database servers that have been deemed critical
Local Administrative Privilege
Defines requirements for developing a local administrative privilege process and plan
