Official FIU IT Governance

The Security Governance provides guidance and defines responsibilities and procedures relating to the operational implementation of the university's information technology resources.


These policies serve as the foundation for the university's information security office.


Configuration Management Plan

FIU's Enterprise Standard for configuration management is rooted in the institution's role as custodian of a diverse range of information assets, including sensitive data protected by legal mandates and regulations. Recognizing the critical importance of safeguarding these assets, the Division of Information Technology (DoIT) has established comprehensive minimum-security standards for desktops, laptops, mobile devices, and other endpoints. These standards are essential to ensure the availability, confidentiality, and integrity of the university's critical data assets.

The university's configuration management plan plays a pivotal role in supporting this overarching objective. By delineating clear guidelines for configuring and managing endpoint devices, the plan aims to establish robust controls that uphold the integrity of information systems. The plan's applicability extends to moderate and high-impact Information Systems, aligning with the recommendations set forth by the National Institute of Standards and Technology (NIST) Special Publication 800-53 CM-9.

The university's configuration management plan encompasses infrastructure and applications housed within the Division of Information Technology (DoIT) Data Center and cloud production environment. Additionally, the plan extends its coverage to infrastructure in non-production environments, encompassing servers, network devices, and other non-application data center devices deployed in various testing and development environments. Furthermore, the plan encompasses university workplace devices, including laptops, desktops, Smart phones, and tablets. This comprehensive scope ensures that configuration management standards are applied consistently across critical infrastructure and endpoints, safeguarding the integrity of FIU's information assets.


FIU users are expected to be aware of and adhere to the security procedures of computers and networks which they access. It is important for campus users to understand and practice safe computing to prevent compromising our systems and network. FIU employees are ultimately responsible for their use of computers and networked devices, and must personally take security measures to protect campus systems and data in a variety of ways.


FIU encourages everyone associated with the university to act in a manner that is fair, mature, respectful of the rights of others, and consistent with the educational mission of the university.

Users should be alert to and report any abnormal behavior exhibited by computers or software applications since this may indicate the existence of a malicious program undetected by anti-virus software. Help to prevent problems by reporting such activities to ITSO by e-mail ( or through the Phish Alert Button.

Approved Services per Data Classification

These policies serve as the foundation for the university's information security office.


Email & Communication L1 L2 L3
Zoom check check
Teams check check
Yammer check check
Calendar: Office 365 check check check
Email: Office 365 check check check
Data Analysis L1 L2 L3
Qualtrics check check
SPSS check check
Oracle Analytics check check
NVivo check check
Microsoft Power BI check check check
Instructional Tools L1 L2 L3
Turnitin check check
Canvas check check
Mediasite check check
Remote Panther Platform (VDI) check check check
Cloud Data Storage L1 L2 L3
Cloud Infrastructure: Microsoft Azure* check check check
Cloud Infrastructure: AWS* check check check
Cloud Infrastructure: OCI* check check check
Document Management: Microsoft SharePoint Online* check check check
Document Management: Microsoft OneDrive* check check check
Document Management: FIU Enterprise Drop Box Account check check
Document Management : Google Drive check check
Electronic Signature: DocuSign* check check check
Support Services: ServiceNow check check
* All Level 3 Data stored on approved services must adhere to specific access controls and user restrictions. Sharing this type of data publicly is strictly prohibited. Prior to storing FIU data on the approved FIU service, consultation with the Division of IT is mandatory, and approval must be obtained. This step ensures the implementation of proper security controls and requirements, as they may not be natively integrated.

Please review the Remote Access checklist below to assess if you have the technology requirements needed to work remotely.

Remote Access Self-Assessment Checklist