Web Security Standard

Web Security Standard

The Web Standard provides measures to prevent, detect, and correct compromises on web servers that host RIT Confidential information or use RIT Authentication services. The standard includes configuration and documentation requirements.

Documented Standard

  • Current Web Security Standard (reflects 2015 operational transition, supersedes previous version, comply by 1/23/15)
  • NOTE: As of 12/5/2014, SSL is no longer considered to be secure.

When am I required to follow the standard?

  • If you own, administer, or maintain
  • ... ...

Security Standard: Solutions Life Cycle Management

Security Standard: Solutions Life Cycle Management






The standard applies to new IT services (including third-party and RIT-hosted, and software as a service) that meet any one or more of the following:


  • host or provide access to Private or Confidential information
  • support a Critical Business Process





The following security controls are required to be implemented.


1.      Engagement


1.1.   Contact the Information Security Office and ITS prior to investigating, evaluating, selecting, or developing a new... ...