What we do
OIT Security is dedicated to the safeguarding of CU's systems and information through the enablement of secure design grounded in policy and procedure, operational review and response to changes in our IT environment, and training for a cyber-smart community.
Our goal is to create and support a campus community where all members understand the important role they play, with all these services supporting the maintenance of our resilient, risk-conscious posture.
Request Support
Security Guidance
- Secure Computing Standard for Computers and Secure Computing Standard for Servers
- CU Boulder security and IT policies, standards and guidelines
- Overarching IT Security Program, Administrative Policy Statement 6005
- Systemwide security policies, standards and guidelines
- OIT-approved and -supported file transfer and storage services
- Artificial Intelligence (AI) Data Security Guidelines
- Not sure where to start and need help protecting your data? Contact us!
IT Security Compliance
CU is subject to a number of laws and regulations that mandate the appropriate protection and handling of information, some of which are listed below.
We have subject-matter expertise to help community members navigate how to work while balancing compliance requirements.
- GLBA: The FTC Safeguards Rule requires CU to ensure the security and confidentiality of certain nonpublic personal information (NPI) that is collected in relation to financial products or services available to community members.
- HIPAA: As a HIPAA hybrid entity, CU must follow the requirements to protect and secure Protected Health Information (PHI).
- FERPA: This federal law affords parents and students the right to have access to the student’s education records, seek to have those records amended, and the right to control some disclosure of personally identifiable information from education records.
- FAR: This is a process that federal government contractors must adhere to in order to provide goods or services to federal agencies.
- PCI: Departments that process payment cards have an obligation to protect cardholder information by following an established set of security standards.
Additional Resources
- IT Security also asks their ITSPs to take an annual Skillsoft training that introduces and reinforces the responsibilities of IT Services Providers. For more information, please visit the Security Training for IT Service Providers page.
- Additional security resources can be found on the System Office of Information Security site related to data governance, security awareness tips, available training and more.
- The Research Cybersecurity Program provides training, compliance resources, consulting and assessment services to assist researchers to secure research data.
- The CU Police Department provides information to protect yourself from online scams.
- Register your personal or non-CU-managed laptop to assist with recovery if it is lost or stolen.
- Contact the IT Security team at security@colorado.edu with questions about our services, requests for risk and compliance assessments, concerns about security, and everything in between!