Encryption

Web Security Standard

Web Security Standard

The Web Standard provides measures to prevent, detect, and correct compromises on web servers that host RIT Confidential information or use RIT Authentication services. The standard includes configuration and documentation requirements.

Documented Standard

When am I required to follow the standard?

  • If you own, administer, or maintain an official RIT web page that hosts or provides access to Private or Confidential Information.
  • If you have a web page at RIT, official or unofficial, and you use RIT authentication services.

Scanning

  • The RIT Information Security Office provides scanning services to support RIT web pages. Contact Paul Lepkowski, RIT Security Engineer, for more information.

Resources

Updated 12/5/2014

Desktop and Portable Computer Security Standard

Desktop and Portable Computer Standard

To protect the RIT community and the Institute network from computer-borne threats, RIT has created minimum security requirements for desktop and laptop computers.

Desktop and Portable Computer Standard

What does it apply to?

  • All RIT-owned or leased computers.
  • Any computer (physical or virtual) connecting to the RIT network through a physical, wireless, dial-up, or VPN connection.

The standard is not required for:

The following devices should employ these controls to the extent possible commensurate with the risk of the information that is accessed or stored on them.  

  • Computers used only to access RIT web pages, Webmail, etc. from off campus. (RIT strongly recommends that users follow the requirements of the standard on all computers.)
  • Mobile devices (tablets, cell phones), pagers, PDAs, copiers and other special purpose devices that connect to the Institute network solely through Web, portal, or application access.
     

Storage of Private information is prohibited on these devices. 

What do I need to do?

 

Pages

Subscribe to RSS - Encryption