Web Security Standard

Web Security Standard

The Web Standard provides measures to prevent, detect, and correct compromises on web servers that host RIT Confidential information or use RIT Authentication services. The standard includes configuration and documentation requirements.

Documented Standard

  • Current Web Security Standard (supersedes previous version, comply by 1/23/15)
  • 11/11/13 Web Standard PDF (effective through 1/22/15)
  • NOTE: As of 12/5/2014, SSL is no longer considered to be secure.

When am I required to follow the standard?

  • If you own, administer, or maintain an official RIT web page that hosts or provides access to Private or Confidential Information.
  • If you have a web page at RIT, official or unofficial, and you use RIT authentication services.

Scanning

  • Effective 2/13/15, the RIT Information Security Office no longer provides scanning services to support RIT web pages. Contact us for more information.

Resources

Updated 2/11/2015