What we do
OIT Security is dedicated to the safeguarding of CU's systems and information through the enablement of secure design grounded in policy and procedure, operational review and response to changes in our IT environment, and training for a cyber-smart community. Our goal is to create and support a campus community where all members understand the important role they play, with all these services supporting the maintenance of our resilient, risk-conscious posture.
- Secure Computing Standard for Computers and Secure Computing Standard for Servers
- CU Boulder Security and IT Policies, Standards, and Guidelines
- Overarching IT Security Program, Administrative Policy Statement 6005
- Systemwide Security Policies, Standards, and Guidelines
- OIT approved and supported file transfer and storage services
- Not sure where to start and need help protecting your data? Contact us!
IT Security Compliance
CU is subject to a number of laws and regulations that mandate the appropriate protection and handling of information. We have subject matter expertise to help community members navigate how to work while balancing compliance requirements; some of the most common include:
- GLBA: The FTC Safeguards Rule requires CU to ensure the security and confidentiality of certain nonpublic personal information (NPI) that is collected in relation to financial products or services available to community members.
- HIPAA: As a HIPAA hybrid entity, CU must follow the requirements to protect and secure Protected Health Information (PHI).
- FERPA: This federal law affords parents and students the right to have access to the student’s education records, seek to have those records amended, and the right to control some disclosure of personally identifiable information from education records.
- FAR: This is a process that federal government contractors must adhere to in order to provide goods or services to federal agencies.
- PCI: Departments that process payment cards have an obligation to protect cardholder information by following an established set of security standards.
- Additional security resources can be found on the System Office of Information Security site about data governance, security awareness tips, available training, and more.
- The CU Police Department provides information to protect yourself from online scams.
- Register your personal or unmanaged CU laptop to assist with recovery if it is lost or stolen.
- Contact the Security team at firstname.lastname@example.org with questions about our services, requests for risk and compliance assessments, concerns about security, and everything in between!