These standards establish requirements for the use of certain information technology resources.
AWS Data Center
This standard defines the standard for administrators who are granted access to the Office of Information Technologies AWS data center.
Cloud Services Security
This standard describes the requirements for cloud services used for University business or data.
Data Center Network Access
This standard defines the higher security standard administrators are held to when accessing the data center.
Domain Name Service/Dynamic Host Configuration Protocol (DNS/DHCP)
The purpose of these standards is to define the registration and subsequent maintenance of numeric IP addresses and network domain names owned by the University.
Highly Sensitive Information Handling
This standard defines minimum required controls for highly sensitive University information in any form. Additional controls required under applicable laws, regulations, or standards governing specific forms of data (e.g., health information, credit cardholder data), may also apply.
- Information Handling Standard for Bank Account Numbers
- Information Handling Standard for Driver's License Numbers
- Information Handling Standard for HIPAA Data
- Information Handling Standard for Social Security Numbers
- Credit Card Handling Standard
IT Security for International Travel
The standard defines the security standard Notre Dame faculty, staff and students should be following when traveling to international destinations with a laptop, mobile phone, or other mobile devices to conduct University business.
This standard defines the components of the NetID and password -- the primary authentication mechanism at the University to allow access to well-defined services including, but not limited to, email, NetFile, the insideND portal, and the University's wired and wireless networks.
This standard describes the University of Notre Dame's requirements for acceptable privileged credential configuration, use, and maintenance. Because of their greater access to networks, resources, and data than general user accounts, privileged accounts represent a greater risk to the University.
Access to Individual Accounts and Account Data
IT staff may not access individual accounts or information stored by an individual in a technology service without permission. This standard includes University-owned computer systems, IT services hosted on campus, and University cloud-based services (e.g. Google Apps, Box). The following provisions apply to this standard.
Security Configuration Standards
These standards define security configuration requirements for all University network-connected devices and systems to establish a secure computer environment.
This standard defines how SSL certificates are to be used to confirm identity, secure communications between devices, and ensure the integrity of transmissions for Information Technology (IT) services provided by the Office of Information Technologies (OIT) or other departments at the University of Notre Dame.
This standard describes the University's requirements for acceptable password selection and maintenance. It applies to passwords used by systems that participate in the Notre Dame enterprise authentication employed in conjunction with the NetID to connect to Notre Dame network-based services.