Montana State University
Montana State University > Policy and Procedures > Campus Networking Policy

Campus Networking Policy


Subject:

Information Technology

Policy:

Campus Networking Policy

Effective Date:

May 13, 2004

Review Date:

May, 2010

Responsible Party:

[Information Technology Center Associate Director for Network, Systems, and Operations]


100.00 Introduction and Purpose

110.00 Introduction

To ensure the security of MSU electronic information, the campus voice, video, and data network is managed centrally by the Information Technology Center (ITC). The network includes both wired and wireless components. Any wired or wireless devices or networks that are connected to the campus network are considered part of the campus network and are subject to this policy, regardless of their ownership.

120.00 Purpose

The purpose of this policy is to ensure the security of MSU data, networks and the devices connected to those networks by specifying technological and managerial requirements and recommendations. It is in the best interests of the University that the data, networks and the devices connected to those networks be protected against threats to the availability and integrity of the services and information based on them. Such threats include but are not limited to unauthorized use, eavesdropping, vandalism (e.g., malware), and denial of service attacks. This policy and associated standards, therefore, state requirements and recommendations for the secure installation, configuration, and administration of network-connected devices and infrastructure. Account maintenance refers to any computer or computing device account that provides access to network-connected devices and/or resources.

200.00 Policy and Procedure

210:00 Policy

Any device to be connected to the network must be approved by ITC before it is connected. All network-connected devices must conform to the required standards cited in the document "Standards for Network Connectivity at Montana State University" http://www.montana.edu/itsecurity/guidelines/campusnetstds.pdf, which is maintained by ITC under the authority of the Information Technology Governance Council (ITGC). Exceptions to this policy may be granted, when judged appropriate, by the ITC Director for Network Systems and Operations or the MSU Chief Security Officer, and will be formally communicated to ITGC.

210.00 Scope

Devices covered by this policy include all network-connected, information technology devices, such as personal computers, printers, photocopiers, firewalls, servers, routers, switches, and hubs, as well as network-connected mechanical devices, robots, and laboratory instruments or any other device connected to the network. Also covered are cabling, wiring, jack components, and wireless networking devices, including all network infrastructure components.

220.00 Definition

For purposes of this policy, "network-connected" indicates devices that are connected by wire, optical fiber, or wireless means to digital telecommunication networks that are owned and/or operated by an MSU campus. Exempted from this policy are devices connected to very small, isolated networks that are (1) managed entirely within individual academic or administrative departments, (2) do not share network infrastructure (cabling, electronics) with any other campus network, and (3) are never connected physically or by wireless means to an MSU campus owned and/or operated network outside the department.

230.00 Board of Regents Information Technology Policies

The Montana University System Board of Regents has implemented information technology policies that apply to all public institutions of higher education within the state of Montana. These policies may be reviewed at:

http://mus.edu/borpol/bor1300/bor1300.asp

240.00 Freedom from Harassment

All members of the campus community have the right not to be harassed by the computer or network usage of others. The following activities constitute harassment (1) intentionally using the computer to annoy, threaten, intimidate, or offend another person, (2) intentionally using a computer to interrupt the academic, research, administrative, or related pursuits of another, and (3) intentionally using the computer to invade the privacy, academic or otherwise, of another. Related policies may be viewed at:

http://www2.montana.edu/policy/affirmative_action/

http://www.montana.edu/wwwitc/docs/compres4.html

250.00 Copyrighted Material

Computer users are prohibited from copying, storing, or distributing copyrighted material, such as music, video, etc., in violation of the federal Copyright Act. Related policies may be viewed at:

http://www2.montana.edu/policy/copyright_infringement/

http://mus.edu/borpol/bor400/4013.htm

300.00 Acceptance

Any use of an MSU telecommunication network signifies the user's agreement to adhere to this policy and to these standards.

400.00 Enforcement

410.00 Violations

The information technology department and/or Internal Audit office will investigate suspected violations of this policy. All operators of network-connected devices are required to cooperate fully with such investigations. If suspected violations are seen to pose threats to the security of the network, to other network-connected devices, or to violate other university policies, such as fire and electrical code, ITC Departmental Policies and Procedures, Telecommunication Network Installation Policy 403, etc., the information technology department may disconnect from the network any or all devices involved in the violation. Such devices may not be reconnected to the network until violations are addressed and remedied to the satisfaction of the information technology department.

420.00 Notification of Suspected Breach

Network users are responsible for promptly reporting suspected or detected violations of these standards to the ITC helpdesk unless other departmental procedures are in place.

430.00 Appeals Process

Appeals of decisions made by the information technology departments at each campus relative to this policy may be made to the executive at each campus to which the information technology department reports (for example, at Bozeman this would be the Chief Information Officer).