The policies detailed in this document are designed to achieve the following
- Ensure availability of and reliable access to USF network resources and network-based services, especially mission-critical
- Preserve integrity of the data stored on USF computing systems, and prevent
unauthorized access to confidential information.
- Preserve the privacy of users to the greatest extent possible.
- Promote an efficient, standards-based approach to providing and managing
network-based services, servers,
and user systems.
- Foster awareness of security issues among the members of the USF community
who access network resources and services.
- Protect University computing systems from unauthorized access and unlawful
- Facilitate prompt, effective, and consistent institutional responses to
security threats, attacks, and violations.
- Identify authority and responsibilities associated with enforcing security
policies and procedures, responding to security threats, attacks, and violations.
- Establish processes evaluating exception requests and periodic assessment
and revision of policies and standards to ensure timely adaptation to changing
network security requirements.
Policies Governing Management of the Network
- Only authorized network equipment may reside on the USF network. See Standards for Network Equipment.
- Access to USF network equipment and network equipment rooms is restricted
to authorized USF personnel. See Standards for Network Management.
- USF policy is not to police content, but to monitor resource usage and
authenticate users. USF may log and trace basic identifying information (such
as Mac address) for all desktops, servers, and other devices connected to
the USF network.
- Individual users should* be required to authenticate
to access the USF network.
- Entry points into the USF network
must* be configured in accordance with Standards for Network Access.
- USF personnel with network management responsibilities must adhere to
Standards for Network Management.
Policies Governing Management of Servers
- Servers connected to the USF network should meet Standards for Server Equipment, be authorized and registered, and be supported in
compliance with Standards for System Administration.
- Unauthorized servers or non-compliant servers connected to the network
may be disconnected upon discovery.
- Compromised systems or systems interfering with the functioning of the
network will be immediately disconnected and will remain disconnected until
the system has been appropriately secured or the problem resolved.
- A server must not be used as a user system.
Policies Governing Management of User Systems
- Each user is responsible for the network security of any device he or she
connects to the network.
- User accounts are for individual use only. Users must not share their account
- User systems must not allow unauthorized access to University information,
whether stored locally or gained through connection to other systems.
- User systems must not be used to launch attacks on USF network services
or systems/services outside the USF network.
- User systems interfering with the functioning or security of the network
may be immediately disconnected and remain disconnected until the system has
been appropriately secured and the problem resolved.
- USF reserves the right to ban any software or hardware, which USF deems
a security threat, from user systems connected to the USF network.
- File Sharing on the USF Network:
- 7.1 File sharing will be disabled by default on USF-owned systems.
- 7.2 USF recommends network file sharing through its centralized file server
- USF-owned and/or supported user system hardware and software should meet
the standards detailed on the following web pages:
- 8.1 Hardware Standards
- 8.2 Software Standards
- All user systems connected to the network must have up-to-date virus protection software with the latest virus definitions and operating system critical vulnerability updates. Subsequently, adequate protection against network-based vulnerabilities must be maintained on a regular basis.
Computers not conforming to this policy will be allowed limited network connectivity to the University's network for only the period required to install the necessary software and updates to conform to this policy. At the end of this time, the computer must meet these requirements or it will not be allowed to connect to the network.
- All users accessing the USF network are expected to act in accordance with
the Technology Resources Appropriate Use Policy.
For further information, please see:
*Distinction between "must"
In some policy statements within this document, the word "must"
is used and in other instances, the word "should" is used. The use
of "must" indicates that compliance is both feasible and expected.
"Should" is used in those instances where compliance is highly desirable,
but may not be technically feasible within the University's current network
and technology infrastructure. In these cases, the policy statements represent
goals that the University expects to achieve as its network and technology infrastructure