Official FIU IT Governance
The Security Governance provides guidance and defines responsibilities and procedures relating to the operational implementation of the university's information technology resources.
Policies
These policies serve as the foundation for the university's information security office.
- 1910.005 Responsibilities for FIU Network and/or System Administrators
- 1930.010 Digital Millennium Copyright Act
- 1930.020 Information Technology Security
- 175.150 Digital Communications Standards
- 1110.032 Preventing Identity Theft on Covered Accounts
- 1110.025 Payment Card Processing Policy
Standards
- Password & Account Management Standard
- FIU Approved Services
- Data Classification Standard
- FIU Backup Standard
Configuration Management Plan
FIU's Enterprise Standard for configuration management is rooted in the institution's role as custodian of a diverse range of information assets, including sensitive data protected by legal mandates and regulations. Recognizing the critical importance of safeguarding these assets, the Division of Information Technology (DoIT) has established comprehensive minimum-security standards for desktops, laptops, mobile devices, and other endpoints. These standards are essential to ensure the availability, confidentiality, and integrity of the university's critical data assets.
The university's configuration management plan plays a pivotal role in supporting this overarching objective. By delineating clear guidelines for configuring and managing endpoint devices, the plan aims to establish robust controls that uphold the integrity of information systems. The plan's applicability extends to moderate and high-impact Information Systems, aligning with the recommendations set forth by the National Institute of Standards and Technology (NIST) Special Publication 800-53 CM-9.
The university's configuration management plan encompasses infrastructure and applications housed within the Division of Information Technology (DoIT) Data Center and cloud production environment. Additionally, the plan extends its coverage to infrastructure in non-production environments, encompassing servers, network devices, and other non-application data center devices deployed in various testing and development environments. Furthermore, the plan encompasses university workplace devices, including laptops, desktops, Smart phones, and tablets. This comprehensive scope ensures that configuration management standards are applied consistently across critical infrastructure and endpoints, safeguarding the integrity of FIU's information assets.
Procedures
FIU users are expected to be aware of and adhere to the security procedures of computers and networks which they access. It is important for campus users to understand and practice safe computing to prevent compromising our systems and network. FIU employees are ultimately responsible for their use of computers and networked devices, and must personally take security measures to protect campus systems and data in a variety of ways.
Guidelines
FIU encourages everyone associated with the university to act in a manner that is fair, mature, respectful of the rights of others, and consistent with the educational mission of the university.
Users should be alert to and report any abnormal behavior exhibited by computers or software applications since this may indicate the existence of a malicious program undetected by anti-virus software. Help to prevent problems by reporting such activities to ITSO by e-mail (abuse@fiu.edu) or through the Phish Alert Button.
Copyright
The purpose of this policy is to implement University practices that abide and conform to the Federal Law governing the copyright of digital resources as defined in the Digital Millennium Copyright Act of 1998, 105 PL 105- 304, including the activities involving the download, upload, or distribution of copyright protected digital material in any fashion, electronic data, information, voice, video and software by University computer system users on University computer systems.
The University is considered a content-neutral Internet service provider (ISP) for those websites or on-line materials over which the University has no editorial responsibility or control which are found within the FIU domain - signified by the address "fiu.edu" or within the range of Internet protocol addresses assigned to Florida International University. Such sites include, but are not limited to, the web pages or other on-line materials of individual faculty members or students, individual class sites and materials, and the web pages or on-line materials of student organizations and other organizations not formally a part of the University.
1930.010 | Digital Millennium Copyright ActFIU Student Violations and Consequences
First Offense
- You will receive a "Copyright Violation Notice" sent to your FIU e-mail account. You are required to sign and deliver the notice to PC 534A.
- You will be required to remove all illegally obtained copyrighted material from your computer.
- You will have your residence hall networking port disabled if the "Copyright Violation Notice" is not signed.
Second Offense
- You will have your residence hall networking port disabled.
- You will be required to remove all illegally obtained copyrighted material from your computer.
- You will be required to schedule an appointment with the Office of Student Conduct and Conflict Resolution and the Information Security Office.
Approved Services per Data Classification
These policies serve as the foundation for the university's information security office.
Services
| Email & Communication | L1 | L2 | L3 |
|---|---|---|---|
| Zoom | |||
| Teams | |||
| Yammer | |||
| Calendar: Office 365 | |||
| Email: Office 365 | |||
| Data Analysis | L1 | L2 | L3 |
| Qualtrics | |||
| SPSS | |||
| Oracle Analytics | |||
| NVivo | |||
| Microsoft Power BI | |||
| Instructional Tools | L1 | L2 | L3 |
| Turnitin | |||
| Canvas | |||
| Mediasite | |||
| Remote Panther Platform (VDI) | |||
| Cloud Data Storage | L1 | L2 | L3 |
| Cloud Infrastructure: Microsoft Azure* | |||
| Cloud Infrastructure: AWS* | |||
| Cloud Infrastructure: OCI* | |||
| Document Management: Microsoft SharePoint Online* | |||
| Document Management: Microsoft OneDrive* | |||
| Document Management: FIU Enterprise Drop Box Account | |||
| Document Management : Google Drive | |||
| Electronic Signature: DocuSign* | |||
| Support Services: ServiceNow |
Please review the Remote Access checklist below to assess if you have the technology requirements needed to work remotely.
Remote Access Self-Assessment Checklist