Network Security-REPLACED BY Standard for Communications Security

In 2012, the University adopted ISO/IEC 27002 and subsequently, in June 2014, University Policy 311, Information Security, was revised to cover at a high level anything relating to the protection of University information resources.

Since that time ITS has been developing Standards and Guidelines to align with ISO 27002, providing more details and guidance in support of University Policy 311. Because University Policy 303, Network Security, was concerned mainly with information security, it has been replaced by Information Security Standard for Communications Security.

Additional background on Information Security Standards is available here: http://itservices.charlotte.edu/home/it-policies-standards.

This University Policy is revised to add a provision permitting the University to monitor data traffic to safeguard the integrity of the University's computing and electronic communication resources and to minimize the risks to both those resources and the end users of those resources. Specifically, the revision allows ITS to monitor data traffic and to access, retrieve, read, and/or disclose data communications when there is reasonable cause to suspect a violation of applicable University policy or criminal law, or when monitoring is otherwise required by law. The new language in this University Policy will also be included in a network logon banner, so that users are notified of the potential data traffic monitoring when they log onto the University network

This new University Policy is intended to ensure secure and reliable network access and performance for the University community. It addresses Internet addressing and domain services, network connections, internal services, network security, monitoring and auditing. The Policy also sets forth enforcement procedures and provides for the Chancellor to appoint a Network Security Committee to review the Policy on a regular basis and to ensure that it may be fairly interpreted and enforced.