Office of Information Technology Identity Management Policy
Rev. 1.0
Effective Date: TBD
Last Revised: TBD

Georgia Institute of Technology

The following are responsible for the accuracy of the information contained in this document:
Responsible University Officer: Chief Information Officer (CIO)
Responsible Coordinating Office: Office of Information Technology (OIT)

1. Executive Summary

This document is in direct support of the Georgia Institute of Technology Computer and Network Usage and Security Policy (CNUSP). Georgia Tech has developed and built a mature Identity Management (IDM) infrastructure to support users and application owners/developers. The 3 goals of the program are:

1. Eliminate the unencrypted transmission of passwords over the network.
2. Enforce and define how users are authenticated and then authorized to view Georgia Tech data.
3. Define how the IDM infrastructure is secured and monitored.

With this in mind, the IDM infrastructure exists to protect identities and credentials of Georgia Tech users, as well as provide a central way to communicate changes, issues, or other information to all Georgia Tech users that are in the campus IDM service.

2. Scope

This policy applies to all users and applications that utilize Georgia Tech central IDM services. The policy addresses how users are authenticated, not how users are authorized to view data. Prior to authorizing users or a group of users to view an application, the application owner should obtain permission from the appropriate data steward (

3. Definitions

IDM: Identity management

AD: Georgia Tech Active Directory (GTAD) is the centralized Windows Active Directory service for the entire campus that ties into the authentication system and administrative applications. Your GT Active Directory credential (username and password) is the same as your GT Account, so any application that needs to authenticate a GT account can use this service to do so.
References: active-directory-gtad

Authentication: Authentication is the mechanism whereby systems may securely identify their users. Authentication systems provide answers to the questions:
* Who is the user?
* Is the user really who he/she represents himself to be?
CAS, Kerberos, GTED and GTAD can all do authentication.

Authorization: Authorization is the mechanism by which a system determines what level of access a particular authenticated user should have to secured resources controlled by the system. CAS can provide authorization data via a SAML mechanism for a small number of data elements. GTED and GTAD can provide a wider amount of authorization data.

Application Owner: Technical contact responsible for operating a service or application that uses an authentication service to allow end users access to the

CAS: Jasig Central Authentication Service, or CAS, is an authentication system originally created by Yale University to provide a trusted way for a web application to authenticate a user. This is the preferred way for a web based application to authenticate GT accounts.
References:

GT Accounts: The GT account is the sign-on credential (name and password) that students, faculty, and staff use to access a wide range of online services at Georgia Tech.

Georgia Tech Authentication Services: CAS, Kerberos, GTED and GTAD can all do authentication. Given a central GT account name and password, they can verify the user against the central account system.

GTED (LDAP): GTED, the Lightweight Directory Access Protocol (LDAP) based information store, contains and maintains Georgia Tech's users and their associated central GT computer accounts. All GT employees and students have a GT account in this data store. GTED is commonly used to authenticate and provide authorization information for applications.
References: archive.oit.gatech.edu/services/oit_service.cfm?id=238

Kerberos: OIT provides a campus MIT Kerberos authentication system to provide strong authentication for client/server applications by using strong cryptography.
References:

4. Policy

4.1 Georgia Tech Authentication Services

Management of the Georgia Tech Authentication Services

OIT is responsible for managing all campus-wide authentication services. Any authentication services not run by OIT are the responsibility of the Unit that deploys and manages the service. Any authentication repository run by another campus unit should be disclosed to OIT for documentation.

Registration to use Georgia Tech Authentication Services

The Georgia Tech authentication services may require compulsory registration, depending on which IDM service is to be used. Any applications in Georgia Tech network space may use CAS or Active Directory to authenticate users without registering the application with OIT. However, if the application exists outside of Georgia Tech (e.g. a 3rd party service or within a non-gatech.edu domain), then the IDM team will need to be consulted to register the service to use one of the authentication services. Services using Kerberos or LDAP require registration with the IDM team. For more information, refer to the matrix in the following section.

Using Georgia Tech Authentication Services Securely

Applications that use a central authentication service must communicate over a secure channel.

If an application asks for user credentials, the request and reply must be over secure communications (i.e. SSL). If OIT discovers that the communications are not secure (e.g. non-encrypted traffic over port 80/tcp), then all users of the application may need to be notified that their account passwords will need to be changed as a precaution. Furthermore, the service will be further restricted from using central authentication.

Collecting User Information

Applications that use a Georgia Tech authentication service may not collect or harvest user information from the service.

Collecting and storing user information from the authentication services is strictly prohibited. Authentication must occur as a pass through or hand off mechanism, where the application asks the central authentication service to authenticate a user.

User Authorization

The Georgia Tech authentication services are only responsible for authenticating users. Authorization of a user must come from the

Authentication and Authorization is a two-step process. Central authentication service simply verifies a user is who they say they are based on a known token. The application is responsible for allowing the user access to the information they are authorized to view/use/modify. Approval to authorize users to view Institute data must be approved by the appropriate data steward ( ures.pdf). Authorization must be based on the username/person requesting access, not on a network location (e.g. on campus vs. off campus).

Security & Auditing

OIT will validate services that use CAS and scan these services for any security issues. OIT will generate regular reports of services using the central authentication services. In addition, the following security checks will be performed on applications:
* Applications will be scanned for security vulnerabilities on a weekly basis.
* Application communications channel will be validated (e.g. ensure that the application is authenticating over a secure connection).
* Authorization levels will be verified via connection attempts.

4.2 Registration to use Central Authentication Services

Service: CAS/login.gatech.edu; Kerberos; AD; LDAP

Registration Required?: No, if address is on campus (.gatech.edu). Yes, if address is not gatech.edu; No; Yes

Registration Information:
* Fill out the form at Specify if SAML data is desired or not. Specify CAS is the authentication method desired. A Remedy request will be created. The IAM team will broker the data stewardship request in the background where possible.
* NA
* Fill out the form at to request a GTED LDAP access account and data stewardship approval. Specify what data is desired, the business purpose, and other data as fully as possible. Incomplete forms may delay the process. Specify LDAP is the authentication method desired. A Remedy request will be created. The IAM team will broker the data stewardship request in the background where possible.

4.3 Recommended Authorization Strategies for Application Owners

CAS/login.gatech.edu: Authorization based on GTED attribute values or role membership. Contact the Identity & An example of how this would be implemented would be to use SAML (with your CAS library) or LDAP queries including Apache LDAP authorization.

Kerberos: Authorization based on GTED attribute values or role membership. Contact the Identity & An example of how this would be implemented would be to use LDAP queries including Apache LDAP authorization or application-specific LDAP code.

AD: Authorization based on GTED attribute values or AD role membership. Contact the Identity & An example of how this would be implemented would be to use AD group membership or LDAP queries within your

LDAP: Authorization based on GTED attribute values or role membership. Contact the Identity & An example of how this would be implemented would be to use LDAP queries including Apache LDAP authorization or application-specific LDAP code.

5. Responsibilities

OIT

OIT is responsible for:
* Consulting with application owners on which service would be best to use.
* Communicating changes/downtimes to the IDM mail list.
* Managing the Georgia Tech campus IDM services.
* Scanning applications using the IDM services on a regular basis.
* Testing applications using the IDM service to ensure that authentication is occurring over an encrypted channel.

Application owners

Application owners are responsible for:
* Consulting with OIT on which authentication mechanism to use.
* Obtaining data steward approval for authorizing users to view data.
* Ensuring that authentication occurs over a secure channel.
* Subscribing to the IDM mail list for announcements (OIT recommends a minimum of 2 people).
* Annually, reaffirming:
  o Which service accounts are in use.
  o What the authorization source is.
  o What the authorized population is.

6. Compliance

Any person or application that uses a central authentication service will abide by the provisions of this procedure and agrees to comply with all of its terms and conditions, and with all applicable state and federal laws and regulations. Users have a responsibility to use these resources in an efficient, effective, ethical, and lawful manner. Violations of the procedure may result in loss of usage privileges, administrative sanctions (including termination or expulsion) as outlined in applicable Georgia Tech disciplinary procedures, as well as personal civil and/or criminal liability.

7. Procedure Modifications

This policy may be changed by directive from the responsible university officer. Any changes to the policy or procedures must be promptly communicated to the individuals and offices noted in Section 8.

8. Communication

Upon approval, this policy shall be published on the Georgia Tech website. The following offices and individuals shall be notified via and/or in writing upon approval of the policy and upon any subsequent revisions or amendments made to the original document:
* IDM Customers
* OIT
* Georgia Tech Data Stewards
* Georgia Tech IT Directors
* Georgia Tech CSR Mail List
* Internal Audit
* Office of Legal Affairs

References

Resource:
* Georgia Tech IT Policy Website
* Georgia Tech Data Access Policy
* Georgia Tech Data Access Procedures
* Georgia Tech Computer & Network Security Procedures
* Georgia Tech Identity and Access Management Website
* Georgia Tech Identity and Access Management

Link: AP.pdf s/cns_procedures.pdf

9. Revision History

Revision Number: 1.0
Author: Richard Biever
Description: Initial Draft
College Of Coastal Georgia Information Security Operational Procedures Banner Student Information System Security Policy INTRODUCTION This document provides a general framework of the policy utilized by
More informationRetention & Destruction
Last Updated: March 28, 2014 This document sets forth the security policies and procedures for WealthEngine, Inc. ( WealthEngine or the Company ). A. Retention & Destruction Retention & Destruction of
More informationNational Identity Exchange Federation (NIEF) Trustmark Signing Certificate Policy. Version 1.1. February 2, 2016
National Identity Exchange Federation (NIEF) Trustmark Signing Certificate Policy Version 1.1 February 2, 2016 Copyright 2016, Georgia Tech Research Institute Table of Contents TABLE OF CONTENTS I 1 INTRODUCTION
More informationBlackShield ID Agent for Terminal Services Web and Remote Desktop Web
Agent for Terminal Services Web and Remote Desktop Web 2010 CRYPTOCard Corp. All rights reserved. http:// www.cryptocard.com Copyright Copyright 2010, CRYPTOCard All Rights Reserved. No part of this publication
More informationHAVERFORD COLLEGE IITS: POLICY AND PLANNING
Contents: 1. Preface 2. Policy 3. Audit and Compliance Section 1. Preface A. Name. The formal name of this policy is the Policy. B. Status of This Policy 1. Draft. Completed 4/11/2013 2. Public Review
More informationSystem and Network Security Policy Internet User Guidelines and Policy. North Coast Council. 5700 West Canal Road Valley View, Ohio 44125
North Coast Council 5700 West Canal Road Valley View, Ohio 44125 Telephone: 216-520-6900 Fax: 216-520-6969 1885 Lake Avenue Elyria, Ohio 44035 Telephone: 440-324-3185 Fax: 440-324-7355 URL: www.nccohio.org
More informationSAFE-T RSACCESS REPLACEMENT FOR MICROSOFT FOREFRONT UNIFIED ACCESS GATEWAY (UAG)
SAFE-T RSACCESS REPLACEMENT FOR MICROSOFT FOREFRONT UNIFIED ACCESS GATEWAY (UAG) A RSACCESS WHITE PAPER 1 Microsoft Forefront Unified Access Gateway Overview 2 Safe-T RSAccess Secure Front-end Overview
More informationGRINNELL COLLEGE CREDIT CARD PROCESSING AND SECURITY POLICY
GRINNELL COLLEGE CREDIT CARD PROCESSING AND SECURITY POLICY PURPOSE The Payment Card Industry Data Security Standard was established by the credit card industry in response to an increase in identify theft
More informationSSL VPN Technology White Paper
SSL VPN Technology White Paper Keywords: SSL VPN, HTTPS, Web access, TCP access, IP access Abstract: SSL VPN is an emerging VPN technology based on HTTPS. This document describes its implementation and
More informationHow To - Implement Clientless Single Sign On Authentication with Active Directory
How To Implement Clientless Single Sign On in Single Active Directory Domain Controller Environment How To - Implement Clientless Single Sign On Authentication with Active Directory Applicable Version:
More informationPurposeful Use Of A CCCC Computing System
Purpose Cloud County Community College owns and operates a variety of computing systems which are provided for the use of CCCC students, faculty and staff in support of the programs of the College and
More informationRUTGERS POLICY. Section Title: Legacy UMDNJ policies associated with Information Technology
RUTGERS POLICY Section: 70.2.22 Section Title: Legacy UMDNJ policies associated with Information Technology Policy Name: Information Security: Electronic Information and Information Systems Access Control
More informationDepartment of Homeland Security Management Directive System MD Number: 4900 INDIVIDUAL USE AND OPERATION OF DHS INFORMATION SYSTEMS/ COMPUTERS
Department of Homeland Security Management Directive System MD Number: 4900 INDIVIDUAL USE AND OPERATION OF DHS INFORMATION SYSTEMS/ COMPUTERS 1. Purpose This directive establishes the Department of Homeland
More informationSUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)
UNIVERSITY OF PITTSBURGH POLICY SUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA) DATE: March 18, 2005 I. SCOPE This
More informationSTATE BANK OF SPRING HILL INTERNET BANKING AGREEMENT WWW.SBSH-KS.COM Internet banking is not available to children under 18 years of age.
STATE BANK OF SPRING HILL INTERNET BANKING AGREEMENT WWW.SBSH-KS.COM Internet banking is not available to children under 18 years of age. PLEASE READ THIS AGREEMENT CAREFULLY AND KEEP A COPY FOR YOUR RECORDS.
More informationAcceptable Use Policy
Acceptable Use Policy Copyright 2011 Supreme Council of Information and Communication Technology (ictqatar) Table of Contents 1. System and Network Security... 4 2. Non-Interference with Services... 4
More informationIntroduction to Directory Services
Introduction to Directory Services Overview This document explains how AirWatch integrates with your organization's existing directory service such as Active Directory, Lotus Domino and Novell e-directory
More informationPCI-DSS and Application Security Achieving PCI DSS Compliance with Seeker
PCI-DSS and Application Security Achieving PCI DSS Compliance with Seeker www.quotium.com 1/14 Summary Abstract 3 PCI DSS Statistics 4 PCI DSS Application Security 5 How Seeker Helps You Achieve PCI DSS
More informationLET S ENCRYPT SUBSCRIBER AGREEMENT
Page 1 of 7 LET S ENCRYPT SUBSCRIBER AGREEMENT This Subscriber Agreement ( Agreement ) is a legally binding contract between you and, if applicable, the company, organization or other entity on behalf
More informationMusina Local Municipality. Information and Communication Technology User Account Management Policy -Draft-
Musina Local Municipality Information and Communication Technology User Account Management Policy -Draft- Version Control Version Date Author(s) Details V1.0 June2013 Perry Eccleston Draft Policy Page
More informationAgent Configuration Guide
SafeNet Authentication Service Agent Configuration Guide SAS Agent for Microsoft Internet Information Services (IIS) Technical Manual Template Release 1.0, PN: 000-000000-000, Rev. A, March 2013, Copyright
More information