Information Technology Policies and Procedures
“De-Militarized Zone” Network Equipment Policy
University information technology resources that connect directly to the Internet are considered part of a "De-Militarized Zone" (DMZ) on the University Information Technology Network. These resources are particularly vulnerable to attack since they are directly accessible from the Internet.
The purpose of this policy is to articulate standards that govern the use of all University Information Technology Network information technology resources that are located within a University DMZ Network. These standards are designed to minimize the University’s exposure to the loss of sensitive or confidential data, Intellectual Property, damage to the University’s public image, etc., which may result from Unauthorized Use of University Information Technology Network information technology resources.
The policy defines the following standards:
All University Information Technology Network information technology resources deployed in a DMZ owned or operated by the University, including but not limited to servers, Routers, or switches, must be operated in accord with this policy. Additionally, all information technology resources registered in any Domain Name System (DNS) domain owned by the University are subject to this policy. Any devices outsourced or hosted at third-party service providers, if said information technology resources reside in the "park.edu" domain or appear to be owned by the University, are also subject to this policy.
All new University Information Technology Network equipment that is subject to this policy must be configured according to the applicable configuration documents, unless a waiver is obtained from University Information Security personnel. All existing and future University Information Technology Network equipment deployed on a University DMZ Network must comply with this policy.
Ownership and Responsibilities
University Information Technology Network equipment and applications within the scope of this policy must be administered by the Information Technology Services department, and be approved by authorized Information Security personnel for DMZ-level management of the relevant system, application, or Network access.
The Information Technology Services department is responsible for the following:
To verify compliance with this policy, University Information Security personnel periodically perform an audit on DMZ equipment as set forth in the Audit Policy.
General Configuration Policy
All University Information Technology Network equipment must comply with the following configuration policy:
New University Information Technology Network Installations and Change Management Procedures
All new installations and changes to the configuration of existing University Information Technology Network equipment and applications must comply with the following standards:
University Information Technology Network Equipment Outsourced to External Service Providers
The responsibility for the Security of University Information Technology Network information technology resources deployed by external service providers must be articulated in the contract with the service provider and must include Security contacts. Escalation procedures must also be documented. Contracting University departments are responsible for the third-party organization’s compliance with this policy.
Any Authorized User found to be in violation of this policy will be considered an Unauthorized User, and as such is subject to disciplinary action pursuant to the Enforcement section of the Unauthorized Use Policy.