University Technology Office

Policy

These policies fall within the overarching ACD125: Information Security Policy which defines the boundaries of acceptable use of ASU computing and communication resources.   The full policy can be found in the Academic Affairs Policies and Procedures Manual (ACD 125).

Access to University Technology Resources & Services Policy

Arizona State University (ASU) provides centrally managed information technology services andresources to employees, students, and other affiliates for activities related to its mission ofteaching and learning, research, and service. The University limits access to only thoseindividuals and entities that are actively involved in supporting the institution’s mission and goals.

ASU Information Security Policy

The ASU Information Security Policy establishes guidelines and standards for the preservation of the confidentiality, integrity and availability of University information resources, provides for the integrity of institutional processes and records, and supports the University’s compliance with state and federal laws, rules and regulations.

ASU Border Firewall Policy

A firewall is a system comprised of hardware and software designed to protect the ASU network from untrusted systems and unauthorized users. In conjunction with effective security policies and administration procedures, and other internal firewalls, the border firewall is an important component of defense. 

Anti-Virus Standard

All user and server systems that utilize the University network are required to have a supported and current version of anti-virus in order to perform due diligence towards protecting University systems.

Courtesy Affiliate Standard

This standard documents the process of creating and administering Courtesy Affiliates of ASU.

Data Handling Standard

This standard outlines the responsibilities and controls required for handling all University managed information in any form.

Data Steward & Trustee Standard

This standard outlines the responsibilities of data stewards and data trustees of University data.

Enterprise System Change Management Standard

This document describes the Enterprise System Change Management Process for Technology Systems at Arizona State University (ASU).

Incident Response Standard

This standard outlines the workflow, roles and responsibilities, and escalation provisions with respect to identifying and handling information security incidents at Arizona State University.

Peer-to-Peer (P2P) File Transfer / Copyright Infringement Standard

This document describes acceptable and prohibited uses of P2P software and protocols on ASU's network, University sanctions for prohibited uses, and responsibilities for compliance.

Password Standard

Documentation of ASU’s standard regarding the changing of passwords that are used to grant access to University resources. 

Patch Management Standard

The Patch Management Standards describes basic patch management expectations for University systems.

PeopleSoft Application Data Trustee Standard

PeopleSoft data trustees have the responsibility to oversee the creation and maintenance of roles that perform business functions and access ASU data. They are also responsible for granting and revoking access to roles.

Privileged Accounts Standard

This document establishes guidelines for UTO to ensure the secure use of system accounts and administrator or privileged access rights.

Secure Web Development Standard

This standard establishes guidelines and standards for the preservation of the confidentiality, integrity and availability of University information resources associated with websites.

Software Development Lifecycle

This standard outlines security related responsibilities and expectations for software development that occurs at the University.

Standard Enforcement Exception Request Procedure

This document describes the procedure to request an exception to one of ASU's published standards.

System Audit Requirements

This document contains requirements for logging activities on High Risk and Confidential systems.

Web Application Security Standard

The purpose of this standard is to improve the security of ASU web applications by addressing threat modeling and security testing, web application criticality and the associated review prcoess, the web application sign-off/approval process and recommended guidelines.