Policies by A - Z

A | B | C | D | E | I | L | M | N | O | P | R | S | W |

Acceptable Use Policy

This Acceptable Use Policy (AUP) highlights the following areas with respect to responsible use of SF State Information Technology resources and specific issues required by law and/or CSU policy to include Authorized Use / Access; Data Security; Confidentiality and Privacy; Electronic Information Retention and Disclosure; Network and System Integrity; Commercial Use; Political Advocacy; Harassment; Copyright and Fair Use; Trademarks and Patents; Electronic Communications; Mass E-mail Messages; Web Sites & Accessibility to Digital Content and Reporting Irresponsible or Inappropriate Use.

Active Directory Policy

This policy sets forth the basic operational guidelines for current users and/or departments that volunteer to participate in the SF State central AD environment.

Administrative Account Access Control Policy

This policy provides guidance for managing and granting access to SF State information assets.

Analog Modem Security and Requests Policy

This policy provides guidance for requesting an analog line for modem connections to a computer.

Application Development and Deployment Policy

This policy defines requirements for applications developed and/or deployed for SF State. 

Box at SF State Policy - DRAFT

This policy provides guidance on usage on Box at SF State to comply with CSU and SF State regulations regarding governing privacy and security of information, and to protect confidential data in the event of loss or theft of data.

Change Control Policy

This policy defines requirements for system change management for SF State owned information technology systems, network resources and applications.

Confidential Data Policy

This policy sets forth the guidelines and best practices for safeguarding SF State confidential data.

Credit Card Payment Processing and PCI Security Policy

This policy sets forth the guidelines and best practices for protecting credit card payment information as required by merchant banks and controls recommend by the Payment Card Industry Security Standards Council.

Digital Certification Policy

The purpose of this policy is to provide guidance on Digital Certificates.

Distribution Lists Policy

The purpose of this policy is to outline and define a consistent campus response to the use of email for distributing announcements, notices, and other information to a wide campus audience.

Domain Name System (DNS) and IP Address Management Policy

This policy provides guidance to various departments within Information Technology that for responsible for allocating, registering, arbitrating, and maintaining the domain names associated with SF State.

E-mail Account Eligibility Policy

This policy identifies SF State e-mail account eligibility categories for members of the University community.

E-mail Faculty & Staff Policy

This policy defines service offering, requirements and provisions governing the use of Faculty and Staff E-mail Services provided by SF State.

E-mail Security Policy

This policy provides guidance and best practices for secure use of SF State E-mail.

E-mail Student Policy

This policy defines service offering, requirements and provisions governing the use of Student E-mail Services provided by SF State.

Incommon Participant Operational Practices

This document identifies operational practices for participation in the InCommon Federation.

Logging and Threat Management Policy

This policy provides guidance on logging and threat management to SF State departments and operational units operating network devices, production servers as well as academic systems and servers.

Mobile Computing Devices Security Policy

This purpose of this policy is to comply with CSU and SF State regulations governing privacy and security of information, and to protect Confidential Data in the event of mobile computing device loss or theft.

Network Policy

This policy outlines operational guidelines that helps protect SF State University’s network and technology infrastructure from unauthorized use, eavesdropping, and targeted attacks that could result in loss of information, damage critical applications, or impact University operations.

Online Directory Policy

This policy governs conduct of the online directory and provides guidance on usage of the same. 

Patch Management Policy

This policy defines requirements for patch management on all SF State owned information technology systems, network resources and applications.

Reporting an IT Security Incident or Vulnerability Policy

This policy outlines the types of common information security incidents and where they should be reported at SF State.

Safeguarding Information Policy

This policy sets forth the guidelines and best practices with respect to the following: Physically Secure SF State Equipment, Use Firewall Protection, Set Strong Passwords, Encryption and Removal of Confidential Data, Erasing and Disposing of Media, Remote Connections and Handling Paper Records.

Secure E-Waste and Paper Disposal Policy

The purpose of this policy is to outline and define SF State's campus-wide Secure E-waste and Paper Disposal Program that is designed to protect the security of campus information assets.

Server Security Policy

This policy defines the baseline configuration standards for all servers owned by SF State.

SF State "Red Flag" Policy Program

This policy outlines the SF State implementation of the Red Flag Rule. The Red Flag rule requires “financial institutions” and “creditors” holding “covered accounts” to develop and implement a written identity theft prevention program designed to identify, detect and respond to “Red Flags.”

Web Application Development and Security Policy

This policy defines requirements for Web application development and security for all SF State Web applications deployed on or off-campus.

Web Pages Policy

This policy provides guidance and minimum content-neutral standards for maintaining web pages on SF State university servers thus contributing to the university's web presence.