Web Security Standard

Web Security Standard

The Web Standard provides measures to prevent, detect, and correct compromises on web servers that host RIT Confidential information or use RIT Authentication services. The standard includes configuration and documentation requirements.

Documented Standard

  • Current Web Security Standard (reflects 2015 operational transition, supersedes previous version, comply by 1/23/15)
  • NOTE: As of 12/5/2014, SSL is no longer considered to be secure.

When am I required to follow the standard?

  • If you own, administer, or maintain
  • ... ...

Server Security Standard

Server Security Standard

The Server Standard provides requirements for server configuration and use at RIT.

A list of ISO-approved security assessment tools, HIPS programs, secure protocols, and a sample trespassing banner can be found in the Technical Resources

What does the standard apply to?

All servers (including production, training, test, and development) and the operating systems, applications, and databases as defined by this standard.

The standard does not apply to individual student-owned servers or faculty-assigned student servers for projects; however, administrators of these servers are encouraged to meet the Server Standard.

Recommended Strong Authentication Practices

The RIT Information Security... ...

Desktop and Portable Computer Security Standard

To protect the RIT community and the Institute network from computer-borne threats, RIT has created minimum security requirements for desktop and laptop computers.

Desktop and Portable Computer Standard

  • Current Desktop/Portable Computer Standard (reflects 2015 operational changes, supersedes previous version, effective 1/23/15)

What does it apply to?

  • All RIT-owned or leased computers.
  • Any computer (physical or virtual) connecting to the RIT network through a physical, wireless, dial-up, or VPN connection.

The standard is not required for:

The following devices should employ these controls... ...

Private Information Management Initiative (PIMI) FAQ

Jump to:







What is the Private Information Management Initiative?

The Private Information Management Initiative (PIMI) is a program where RIT Information Technology Services helps RIT faculty and staff scan their computers and attached drives to determine if they contain private information (PI). When PI is found, each RIT faculty and staff member is responsible for remediating the private information by scrubbing or shredding the files.

The program also includes destruction of paper files containing nonessential PI.

The goals of the program are to identify and reduce... ...

Portable Media

Portable Media Security Standard

Portable media such as USB keys, flash memory, CDs/DVDs, etc. are a crucial part of daily business. However, portable media is easily lost or stolen and may cause a security breach.

Because portable media can be stolen or compromised easily, users should take precautions when using it to transfer or store Confidential information. We strongly discourage placing Private Information on portable media.


Approved Portable Media 

When handling RIT Private or Confidential information, you should use only portable media that provides an approved encryption level (the RIT Information Security... ...