IT Security

Request Forms

• Report suspicious/phishing emails
• Request SSL site certificates
• Request firewall exception
• Report a security incident or lost/stolen device

Security Guidance

• Secure Computing Standard for Computers and Secure Computing Standard for Servers
• CU Boulder security and IT policies, standards and guidelines
• Overarching IT Security Program, Administrative Policy Statement 6005
• Systemwide security policies, standards and guidelines
• OIT-approved and -supported file transfer and storage services
• Artificial Intelligence (AI) Data Security Guidelines
• Not sure where to start and need help protecting your data? Contact us! 

IT Security Compliance

CU is subject to a number of laws and regulations that mandate the appropriate protection and handling of information, some of which are listed below. 

We have subject-matter expertise to help community members navigate how to work while balancing compliance requirements.

• GLBA: The FTC Safeguards Rule requires CU to ensure the security and confidentiality of certain nonpublic personal information (NPI) that is collected in relation to financial products or services available to community members. 
• HIPAA: As a HIPAA hybrid entity, CU must follow the requirements to protect and secure Protected Health Information (PHI).
• FERPA: This federal law affords parents and students the right to have access to the student’s education records, seek to have those records amended, and the right to control some disclosure of personally identifiable information from education records.
• FAR: This is a process that federal government contractors must adhere to in order to provide goods or services to federal agencies.
• PCI: Departments that process payment cards have an obligation to protect cardholder information by following an established set of security standards.