Procedures & Standards
This section contains procedures and standards to be used by all machines connecting
to the usf.edu domain, as well as the personnel who use and administer them. The
procedures and standards are reviewed annually by the Information Security Workgroup
at USF. Compliance to the standards posted in this section is required.
ISSP-001 - Sensitivity and Criticality of Data
This document offers guidelines for the classification of electronic resources within the University of South Florida according to their level of criticality and sensitivity.
ISSP-002 - Incident Response and Investigation
Document Outlines steps taken during incidents involving data security at USF.
ISSP-003 - Active Directory Settings
Minimum Account Lockout and Password Policy settings for servers belonging to the usf.edu forest.
ISSP-004 - Removal of Network Access
USF must take immediate action to mitigate any threats that have the potential to pose a serious risk to the campus network, campus computers or the Internet. This document outlines situations in which machines conencted to the USF network would have access suspended.
ISSP-005 - Choosing Strong Passwords
Passwords are the first line of defense on any system connected to the network. It is not enough to simply have any password associated with an account. Passwords must be chosen in such ways that the casual hacker would not gain access to the account simply by trying a few easy combinations.
ISSP-006 - Securing Sensitive Computers
All computers connected to the network must be appropriately protected. Computers used at USF which contain information considered sensitive require additional measures of protection. This document outlines the recommended steps local administrators must take during the initial setup and ongoing maintenance of such computers.
ISSP-008 - Wireless Network Installations
This document covers some general wireless network installation guidelines that must be followed to ensure USF's campus-wide wireless offerings are compatible, provide mobility between locations, and prevent unauthorized access. Note: Please read this document carefully. Any unauthorized wireless router found on our network will have its connection turned off immediately.
ISSP-009 - Media Disposal
Sensitive data, such as proprietary information and student information, may reside on various types of media throughout the University. Due to technological advancements, simple deletion or formatting does not provide enough protection of sensitive data. Deleted files usually will remain on the media for long periods of time, and many software tools are now available to recover such data. Once destroyed in the manner described, these files cannot be recovered. USF and/or the ISW are not responsible for unwanted effects the use of this software may cause. Do not use the methods described unless you are certain the data will no longer be needed.
ISSP-012 - Data Protection Standards for Mobile Devices
All laptops purchased by the University must have approved whole disk encryption software installed to better protect Personal Identifiable Information (PII).
ISSP-013 - Request for Storage of PII on a Mobile Device
Please use this form when requesting to utilize a laptop or mobile device to store Personal Identifiable Information
ISSP-014 - Request for Storage of Social Security Numbers
The USF System will no longer use nor permit the use of a Social Security Number (SSN) as an identifier for a person in any USF System information system unless the use of the SSN is imperative for the performance of the USF System's duties and responsibilities as prescribed by law.
ISSP-015 - Server Address Assignment and ACL Requests
In order to improve the security posture of the servers part of the IT SVC Data Center and Winter Haven Data Center, the IT's Office of Information Security, in conjunction with Communications Infrastructure and the Data Center Infrastructure group have established a set of network procedures to be followed when setting up a server.
ISSP-017 - Application Owner and Vendor Questionnaire
Vendor will complete this questionnaire.
ISSP-018 - SQL Update Request and Approval Process
This document outlines the procedure for approval request, verification, implementation, and review of direct SQL updates to all enterprise databases maintained by Information Technologies, including but not limited to OASIS (Banner), GEMS, and/or FAST (Peoplesoft) databases.