Home Policies Procedures & Standards
Procedures & Standards PDF Print E-mail

This section contains procedures and standards to be used by all machines connecting to the usf.edu domain, as well as the personnel who use and administer them.  The procedures and standards are reviewed annually by the Information Security Workgroup at USF.  Compliance to the standards posted in this section is compulsory.

ISSP-001 - Sensitivity and Criticality of Data

This document offers guidelines for the classification of electronic resources within the University of South Florida according to their level of criticality and sensitivity. 


ISSP-002 - Incident Response and Investigation

Document Outlines steps taken during incidents involving data security at USF.


ISSP-003 - Active Directory Settings

Minimum Account Lockout and Password Policy settings for servers belonging to the usf.edu forest.


ISSP-004 - Removal of Network Access

USF must take immediate action to mitigate any threats that have the potential to pose a serious risk to the campus network, campus computers or the Internet. This document outlines situations in which machines conencted to the USF network would have access suspended.


ISSP-005 - Choosing Strong Passwords

Passwords are the first line of defense on any system connected to the network. It is not enough to simply have any password associated with an account. Passwords must be chosen in such ways that the casual hacker would not gain access to the account simply by trying a few easy combinations.


ISSP-006 - Securing Sensitive Computers

All computers connected to the network must be appropriately protected. Computers used at USF which contain information considered sensitive require additional measures of protection. This document outlines the recommended steps local administrators must take during the initial setup and ongoing maintenance of such computers.


ISSP-008 - Wireless Network Installations

This document covers some general wireless network installation guidelines that must be followed to ensure USF's campus-wide wireless offerings are compatible, provide mobility between locations, and prevent unauthorized access. Note: Please read this document carefully.  Any unauthorized wireless router found on our network will have its connection turned off immediately.


ISSP-009 - Media Disposal

Sensitive data, such as proprietary information and student information, may reside on various types of media throughout the University. Due to technological advancements, simple deletion or formatting does not provide enough protection of sensitive data. Deleted files usually will remain on the media for long periods of time, and many software tools are now available to recover such data.  Note: Once destroyed in the manner described, these files cannot be recovered.  USF and/or the ISW are not responsible for unwanted effects the use of this software may cause.  Do not use the methods described unless you are certain the data will no longer be needed. 


ISSP-012 -  Data Protection Standards for Mobile Devices

All laptops purchased by the University must have approved whole disk encryption software installed to better protect Personal Identifiable Information (PII).


ISSP-013 -  Request for Storage of PII on a Mobile Device

Please use this form when requesting to utilize a laptop or mobile device to store Personal Identifiable Information


ISSP-014 -  Request for Storage of Social Security Numbers

The USF System will no longer use nor permit the use of a Social Security Number (SSN) as an identifier for a person in any USF System information system unless the use of the SSN is imperative for the performance of the USF System's duties and responsibilities as prescribed by law.


ISSP-015 - Server Address Assignment and ACL Requests

In order to improve the security posture of the servers part of the IT SVC Data Center and Winter Haven Data Center, the IT's Office of Information Security, in conjunction with Communications Infrastructure and the Data Center Infrastructure group have established a set of network procedures to be followed when setting up a server.