Requirements

Information Access & Protection Standard

Information Access & Protection Standard

The Information Access & Protection (IAP) Standard provides requirements for the proper handling of information at RIT.

Information Classifications

The standard classifies information into four categories: Private, Confidential, Internal, and Public.

Private information

Private information is information that is confidential and which could be used for identity theft. Private information also has additional requirements associated with its protection (e.g., state and federal mandates). Examples include:

  • Social Security Numbers (SSNs), Individual Taxpayer Identification Numbers (ITINs), or other national identification numbers
  • Driver’s license numbers
  • Financial account information (bank account numbers, checks, credit or debit card numbers), etc.

Confidential... ...

Password

Passwords

Having a strong password is increasingly important. Weak passwords can be "guessed" or "cracked" using free software available online, allowing unauthorized access that can result in identity crimes, extortion, or damage to reputation through the disclosure of sensitive or private information (yours and RIT's). Choosing a strong password and changing it regularly are two of the most important things you can do to protect yourself online.  Follow the password standard and subscribe to our social media outlets for password tips and tricks!

Password Standard

Documented Standard

  • Current Password
  • ... ...

Desktop and Portable Computer Security Standard

To protect the RIT community and the Institute network from computer-borne threats, RIT has created minimum security requirements for desktop and laptop computers.

Desktop and Portable Computer Standard

  • Current Desktop/Portable Computer Standard (reflects 2015 operational changes, supersedes previous version, effective 1/23/15)

What does it apply to?

  • All RIT-owned or leased computers.
  • Any computer (physical or virtual) connecting to the RIT network through a physical, wireless, dial-up, or VPN connection.

The standard is not required for:

The following devices should employ these controls... ...

Signature Standard

Signature Standard

RIT uses a standardized signature to make authentic Institute communications easily recognizable. Uses of common signature elements by senders will help recipients detect counterfeit e-mails and phishing attempts. For more information, see the Signature Standard.

Who do the requirements apply to?

The requirements apply to:

  • All senders of e-mail related to Institute academic or business purposes sent by RIT faculty or staff using an RIT or non-RIT e-mail account. (The standard also applies to course-related e-mail sent via the RIT MyCourses system.)
  • All creators of Message Center communications.
  • E-mail messages sent from portable devices.
 

The requirements... ...

Requirements for Students

Requirements for Students

 

... ...
Standard
When does it apply?

Desktop and Portable Computer Standard

Always

Password Standard

Always

Signature Standard

Always - All authentic RIT communications should include an appropriate signature as per the