Policies by A - Z
This Acceptable Use Policy (AUP) highlights the following areas with respect to responsible use of SF State Information Technology resources and specific issues required by law and/or CSU policy to include Authorized Use / Access; Data Security; Confidentiality and Privacy; Electronic Information Retention and Disclosure; Network and System Integrity; Commercial Use; Political Advocacy; Harassment; Copyright and Fair Use; Trademarks and Patents; Electronic Communications; Mass E-mail Messages; Web Sites & Accessibility to Digital Content and Reporting Irresponsible or Inappropriate Use.
This policy sets forth the basic operational guidelines for current users and/or departments that volunteer to participate in the SF State central AD environment.
This policy provides guidance for managing and granting access to SF State information assets.
This policy provides guidance for requesting an analog line for modem connections to a computer.
This policy defines requirements for applications developed and/or deployed for SF State.
This policy provides guidance on usage on Box at SF State to comply with CSU and SF State regulations regarding governing privacy and security of information, and to protect confidential data in the event of loss or theft of data.
This policy defines requirements for system change management for SF State owned information technology systems, network resources and applications.
This policy sets forth the guidelines and best practices for safeguarding SF State confidential data.
This policy sets forth the guidelines and best practices for protecting credit card payment information as required by merchant banks and controls recommend by the Payment Card Industry Security Standards Council.
The purpose of this policy is to provide guidance on Digital Certificates.
The purpose of this policy is to outline and define a consistent campus response to the use of email for distributing announcements, notices, and other information to a wide campus audience.
This policy provides guidance to various departments within Information Technology that for responsible for allocating, registering, arbitrating, and maintaining the domain names associated with SF State.
This policy identifies SF State e-mail account eligibility categories for members of the University community.
This policy defines service offering, requirements and provisions governing the use of Faculty and Staff E-mail Services provided by SF State.
This policy provides guidance and best practices for secure use of SF State E-mail.
This policy defines service offering, requirements and provisions governing the use of Student E-mail Services provided by SF State.
This document identifies operational practices for participation in the InCommon Federation.
This policy provides guidance on logging and threat management to SF State departments and operational units operating network devices, production servers as well as academic systems and servers.
This purpose of this policy is to comply with CSU and SF State regulations governing privacy and security of information, and to protect Confidential Data in the event of mobile computing device loss or theft.
This policy outlines operational guidelines that helps protect SF State University’s network and technology infrastructure from unauthorized use, eavesdropping, and targeted attacks that could result in loss of information, damage critical applications, or impact University operations.
This policy governs conduct of the online directory and provides guidance on usage of the same.
The purpose of this policy is to ensure devices are running operating systems that can be maintained securely to comply with CSU and SF State regulations regarding security of information, and to protect SF State Confidential data.
The purpose of this policy is to establish a standard for the creation/reset of strong passwords, the protection of those passwords, and the frequency of change. The scope of this policy includes all SF State staff, student employees and community members.
This policy defines requirements for patch management on all SF State owned information technology systems, network resources and applications.
This policy outlines the types of common information security incidents and where they should be reported at SF State.
This policy sets forth the guidelines and best practices with respect to the following: Physically Secure SF State Equipment, Use Firewall Protection, Set Strong Passwords, Encryption and Removal of Confidential Data, Erasing and Disposing of Media, Remote Connections and Handling Paper Records.
The purpose of this policy is to outline and define SF State's campus-wide Secure E-waste and Paper Disposal Program that is designed to protect the security of campus information assets.
This policy defines the baseline configuration standards for all servers owned by SF State.
This policy outlines the SF State implementation of the Red Flag Rule. The Red Flag rule requires “financial institutions” and “creditors” holding “covered accounts” to develop and implement a written identity theft prevention program designed to identify, detect and respond to “Red Flags.”
This policy defines requirements for Web application development and security for all SF State Web applications deployed on or off-campus.
This policy provides guidance and minimum content-neutral standards for maintaining web pages on SF State university servers thus contributing to the university's web presence.