IT Standards

These standards establish requirements for the use of certain information technology resources. 

AWS Data Center

This standard defines the standard for administrators who are granted access to the Office of Information Technology AWS data center.

AWS Data Center Standard

Cloud Services Security

This standard describes the requirements for cloud services used for University business or data.

Notre Dame Cloud Services Standard

Data Center Network Access

This standard defines the higher security standard administrators are held to when accessing the data center.

Data Center Network Access Standard

Domain Name Service/Dynamic Host Configuration Protocol (DNS/DHCP)

The purpose of these standards is to define the registration and subsequent maintenance of numeric IP addresses and network domain names owned by the University.

DNS/DHCP Standards

Highly Sensitive Information Handling

This standard defines minimum required controls for highly sensitive University information in any form. Additional controls required under applicable laws, regulations, or standards governing specific forms of data (e.g., health information, credit cardholder data), may also apply.

IT Security for International Travel

The standard defines the security standard Notre Dame faculty, staff and students should be following when traveling to international destinations with a laptop, mobile phone, or other mobile devices to conduct University business. 

IT Security for International Travel Standard

NetID Standard

This standard defines the components of the NetID and password -- the primary authentication mechanism at the University to allow access to well-defined services including, but not limited to, email, NetFile, the insideND portal, and the University's wired and wireless networks. 

NetID Standard

Privileged Accounts

This standard describes the University of Notre Dame's requirements for acceptable privileged credential configuration, use, and maintenance. Because of their greater access to networks, resources, and data than general user accounts, privileged accounts represent a greater risk to the University. 

Privileged Account Standard

Access to Individual Accounts and Account Data

IT staff may not access individual accounts or information stored by an individual in a technology service without permission. This standard includes University-owned computer systems, IT services hosted on campus, and University cloud-based services (e.g. Google Apps, Box). The following provisions apply to this standard.

Access to Individual Accounts and Account Data

Security Configuration Standards

These standards define security configuration requirements for all University network-connected devices and systems to establish a secure computer environment. 

SSL Certificates

This standard defines how SSL certificates are to be used to confirm identity, secure communications between devices, and ensure the integrity of transmissions for Information Technology (IT) services provided by the Office of Information Technology (OIT) or other departments at the University of Notre Dame.

SSL Certificate Standard

Strong Passwords

This standard describes the University's requirements for acceptable password selection and maintenance. It applies to passwords used by systems that participate in the Notre Dame enterprise authentication employed in conjunction with the NetID to connect to Notre Dame network-based services. 

Strong Password Standard