...
- Symmetric key lengths of at least 128 bit
- Asymmetric key lengths of at least 2048
- Elliptic Curve key lengths of at least 256 bit
- AES key lengths of at least 128 bit
- RSA key lengths of at least 2048
- Web server certificates SSLv3/ TLSv1.2 (example secure web sites HTTPS)
- SSH version 2 (example network device administration)
- Kerberos (example windows server and connecting device)
- PGP – AES 128 bit (example whole disk, file, USB, and email encryption)
- PGP – Public Keys RSA 2048 (for example digital signatures and encrypted email).
...
Digital Certificates
- Public-facing Secure Socket Layer (SSL) services must use digital certificates issued by a trusted authority approved by the Information Security Officer or Chief Information Officer.
- Non-public facing SSL services may use self-signed digital certificates when used for management purposes.
...
The University reserves the right to monitor network traffic, perform random audits, and to take other steps to insure ensure the integrity of its information and compliance with this Policy. Violations of this Policy may lead to appropriate disciplinary action, which may include temporary or permanent restrictions on access to certain information or networks. Willful or repeated violations of this Policy may result in dismissal from the University.
Revision History
...
Version | Date | Responsible University Office | Approved By |
1.0 | 09/14/10 | Provost Office | Provost Barry Brown |
1.1 | 02/12/13 | Senior VP of Finance and Administration and Treasurer Office | Senior VP Danielle Manning |
1.2 | 11/30/21 | ITS Information Security | ISO Paul Guarino |