Topics Map > Service Catalog > DataCenter Services
Topics Map > Service Catalog > Accounts, passwords and security services > System Security
Non-LIT server requirements
Learning and Information Technology Services (LIT) will provide public facing IP addresses and DNS entries for department hosted servers. The UW-Stout CIO is responsible for the security of all IT resources on campus. Due to this responsibility all servers must adhere to campus, system and BOR policies.
- The data stored must be classified in accordance with UW System Policy 1031 and discussed with the UW -Stout Information Security Officer to clarify the type of data being stored and how it is classified. See UW Stout's Data Classification administrative procedure.
- The department hosted server must be in compliance with all UW-System, UW-Stout, and other applicable policies and laws. A list of UW-System policies can be found at https://www.wisconsin.edu/uw-policies/uw-system-administrative-policies/
- Examples include:
- Encryption in transit and at rest
- Server owners must maintain operating systems to the latest patch level and the operating system must be supported by the developer.
- Server owners must maintain patch levels of all software and respond in a timely manner to critical vulnerabilities identified by the software developer or made available by national clearinghouses.
- Server owners must provide detailed configuration settings and other details to verify compliance.
LIT maintains the right to monitor traffic to and from the server and to scan the server for vulnerabilities. If vulnerabilities are discovered through monitoring or scanning, the owner will be notified and will then need to promptly patch the server. LIT reserves the right to block access to the server at their discretion when a severe risk to the campus is identified or when a server is interrupting core services. LIT will do it's best to work with departments to identify issues and work through them, but LIT will at times be required to take unilateral actions to keep the campus secure. These are the same standards that LIT is expected to also follow.