”TigerNetwork Security

Policy Title

CCIT Network Security Policy

  1. Purpose
    The purpose of this Network Security Policy is to outline the requirements for all Users connecting to the Clemson University Computer Network (University Network”) from any Computing Device.  These requirements support the availability of IT Resources while minimizing damages from malicious attacks and unauthorized use.

 

  1. Scope
    This policy applies to all Users who access the University’s Computer Network through any Computing Device, including University owned devices and personally owned devices.

 

  1. Definitions

3.1. Glossary of Terms 

 

  1. Policy Statement

4.1. General 

4.1.1. Users must ensure that Computing Devices meet the Minimum IT Security Standards before connecting to the University network. CCIT or departmental IT Consultants can assist with verification.

 4.1.2. Users are responsible for all network activity originating from their Computing Devices when connected to the University’s Computer Network.

 

4.2. Network Connectivity

4.2.1. All Computing Devices using the University’s Computer Network via a wired or wireless (Wi-Fi) connection will be registered with the University registration system, restricting access to approved IT Resources.

4.2.2. The University’s Computer Network is segmented based on various factors, including data classifications, system requirements, privacy requirements, and user roles and responsibilities. Users must not knowingly attempt to bypass these segmentation controls.

4.2.3. Users must submit any Computing Device or Information System that requires external connectivity (from the Internet) for a security assessment through the Office of Information Security to determine if an exception can be allowed.

 

4.3. Network Devices and Services

4.3.1. The installation of Network Devices (which include, but are not limited to, routers, remote access devices, modems, and wireless access points) that would allow unauthorized access to the University’s Computer Network are prohibited.

4.3.2. Network Services are centrally managed by CCIT.  Users are prohibited from establishing services such as Domain Name System (DNS), Dynamic Host Configuration Protocol (DHCP), Bootstrap Protocol (BOOTP), Firewalls, and Virtual Private Networks (VPN) established outside of the centrally managed services.

4.3.3. Internet of Things (IoT) devices such as sensors, cameras, and building automation systems must be configured or ResMediaNet.

4.3.4. The University’s IP addresses may not be registered with outside DNS authorities.  Users needing DNS entries must contact CCIT.

4.3.5. Systems that do not require Internet access or whose primary function is local to the University’s Network should use private addressing.

 

4.4. Disciplinary Sanctions

The University will impose disciplinary sanctions on Users who violate this policy, or any other IT policies, procedures, and/or applicable state and federal laws. The severity of the imposed sanctions will be appropriate to the violation and/or any prior discipline issued.

4.4.1. Users in violation of this policy may experience suspended access to, or availability of, IT Resources when:

4.4.1.1. Suspicious activity is observed.
4.4.1.2. Compromised User Accounts are detected.
4.4.1.3. Computing Devices do not meet the Minimum IT Security Standards.
4.4.1.4. The confidentiality, integrity, or availability of University IT Resources are believed to be at risk.

 

  1. Additional Resources

5.1. Data Classification Policy

5.2. Glossary of Information Security Terms

5.3. Information Security Policy

5.4. IT Incident Reporting Procedure

5.5. Minimum IT Security Standards

5.6. Wireless Procedures

 

 

Responsible Division

CCIT

Reviewed Date

October 3, 2024