Standard

Signature Standard

Signature Standard

RIT uses a standardized signature to make authentic Institute communications easily recognizable. Uses of common signature elements by senders will help recipients detect counterfeit e-mails and phishing attempts. For more information, see the Signature Standard.

Who do the requirements apply to?

The requirements apply to:

  • All senders of e-mail related to Institute academic or business purposes sent by RIT faculty or staff using an RIT or non-RIT e-mail account. (The standard also applies to course-related e-mail sent via the RIT MyCourses system.)
  • All creators of Message Center communications.
  • E-mail messages sent from portable devices.
 

The requirements do not apply to:

  • Personal e-mail and e-mail sent by students. RIT students are encouraged to create an e-mail signature which makes their e-mail easily identifiable as authentic.

What do I have to do?

All e-mail or Message Center communications that support academic or business functions should contain the following:

  1. The name of the sender. (A department name is not an acceptable substitute for the name of a sender.)
  2. The name of the RIT-Specific organization or department the sender represents.
  3. A university telephone number, building address, and e-mail address (where available) that the recipient may use to contact the sending department with questions or to verify the authenticity of the e-mail. Web addresses may be included, but may not be the primary means of contact.
  4. The official RIT Confidentiality Statement 

    Note that the Confidentiality Statement is not required for e-mails containing only Internal or Public information (e.g., mass communications such as Message Center, or mass mailings to external audiences such as prospective students, parents, etc.)

 

Password

Passwords

Having a strong password is increasingly important. Weak passwords can be "guessed" or "cracked" using free software available online, allowing unauthorized access that can result in identity crimes, extortion, or damage to reputation through the disclosure of sensitive or private information (yours and RIT's). Choosing a strong password and changing it regularly are two of the most important things you can do to protect yourself online.  Follow the password standard and subscribe to our social media outlets for password tips and tricks!

Password Standard

Documented Standard

Summary

  • Be at least 8 characters long (a longer passphrase is preferred)
  • Use both upper and lower case letters and at least one number, and one special character
    • We suggest putting numbers and special characters in the middle of the password, not at the beginning or end
  • Change it annually (at a minimum)
  • DO NOT use your username
  • DO NOT reuse for at least six changes of password

For more information, visit Creating Strong Passwords

RIT Computer Accounts

To change the password for your RIT Computer Account, visit http://start.rit.edu. Contact the ITS HelpDesk (585-475-HELP) if you've forgotten your password or it is not working.
 

Desktop and Portable Computer Security Standard

Desktop and Portable Computer Standard

To protect the RIT community and the Institute network from computer-borne threats, RIT has created minimum security requirements for desktop and laptop computers.

Desktop and Portable Computer Standard

What does it apply to?

  • All RIT-owned or leased computers.
  • Any computer (physical or virtual) connecting to the RIT network through a physical, wireless, dial-up, or VPN connection.

The standard is not required for:

The following devices should employ these controls to the extent possible commensurate with the risk of the information that is accessed or stored on them.  

  • Computers used only to access RIT web pages, Webmail, etc. from off campus. (RIT strongly recommends that users follow the requirements of the standard on all computers.)
  • Mobile devices (tablets, cell phones), pagers, PDAs, copiers and other special purpose devices that connect to the Institute network solely through Web, portal, or application access.

Storage of Private information is prohibited on these devices. 

What's new with the 2015 standard?

The key changes that impact end users are around encryption and managing Private Information. All systems (laptop or desktop) that access Private Information will be encrypted. (Previously, all laptop computers were encrypted, regardless of whether or not they accessed Private Information.) At the discretion of your deans and vice presidents, any systems (laptop or desktop) that do not access Private Information and that report no unprotected matches in the Identity Finder scan reports may have encryption removed. (You will still need to run monthly Identity Finder scans and remediate any unprotected matches.)

Note that lab computers and grant-funded computers that don’t access Private Information are not required to run Identity Finder. If you have any questions about whether a computer is required to run Identity Finder or about encryption requirements in your area, contact your PIMI rep

What do I need to do?

 

Pages

Subscribe to RSS - Standard