CSUF Information Security Directive
PRESIDENT'S DIRECTIVE NO. 13
Summary
This Directive applies to the collection, use, maintenance, and release of protected information by the University or, when applicable, by any of its auxiliary or affiliate organizations and the development of a campus wide information security strategy. Securing information protected by federal and state law as well as California State University (CSU) policies and procedures, is essential.
As such, the University will:
Comply with all federal and state laws and regulations, as well as CSU policies and procedures, concerning the collection, use, maintenance, and release of protected information.
Develop, implement, and monitor administrative, technical, and physical safeguards to mitigate unauthorized intrusion, malicious misuse, or inadvertent compromise of protected information.
All individuals working with protected information are responsible for collecting, using, maintaining, and releasing it in accordance with federal and state laws or regulations, as well as CSU policies and procedures.
CSUF PRESIDENT'S DIRECTIVE NO. 13
PRESIDENT'S DIRECTIVE NO. 13
CSUF Information Security DIRECTIVE
This Directive applies to the collection, use, maintenance, and release of protected information by the University or, when applicable, by any of its auxiliary or affiliate organizations and the development of a campus wide information security strategy. Securing information protected by federal and state law as well as California State University (CSU) policies and procedures, is essential. As such, the University will: Comply with all federal and state laws and regulations, as well as CSU policies and procedures, concerning the collection, use, maintenance, and release of protected information. Develop, implement, and monitor administrative, technical, and physical safeguards to mitigate unauthorized intrusion, malicious misuse, or inadvertent compromise of protected information. All individuals working with protected information are responsible for collecting, using, maintaining, and releasing it in accordance with federal and state laws or regulations, as well as CSU policies and procedures.
CSUF PRESIDENT'S DIRECTIVE NO. 13
Policy for Sending Unsolicited Electronic Announcements
Cal State Fullerton maintains an electronic message network exclusively for its students, faculty and staff, as well as staff of its auxiliaries and affiliate organizations (Emeriti, for example), to facilitate the achievement of its Mission and Goals. This Policy outlines acceptable content and methods of distributing unsolicited electronic announcements through that system.
I. Distribution of Electronic Announcements
A faculty or staff member in the fulfillment of their employment responsibilities may send an unsolicited electronic announcement to a group of individuals involved in or associated with a specific program (for example, all students involved in Educational Outreach), category (for example, all students past due on payments or all part-time faculty), operational unit (for example, all staff in the Division of Student Affairs) or academic unit (for example, all students with the same major or all faculty and staff in the same department).
A Division Head may send an unsolicited electronic announcement to generic groups of account holders such as "all faculty," "all students," "all students in a particular college," or "all staff" to communicate information they deem critical to the achievement of the university's Mission and Goals. These messages may be sent from the desktop of the Division Head or their designee and must be limited to the following: - Messages from the President - A health or safety issue, or an issue of a similar nature, impacting a significant portion of the campus community - Physical plant conditions or activities impacting a significant portion of the campus community - The university's network - CSU or university policies and procedures - Employment-related issues or - Student academic deadlines, requirements and other information, including financial
II. Campus Bulletin Board
A faculty or staff member in the fulfillment of their employment responsibilities, or a student or affiliate club or organization sponsoring a campus event, may request that the appropriate Division Head or designee post an unsolicited electronic announcement to the campus electronic message website (currently operating as the Campus Bulletin Board). These messages must originate from a university department, unit, division or program; auxiliary; or a student or affiliate club or organization.
III. Content Guidelines
Unsolicited electronic announcements that pertain to profit making, selling, promoting or other entrepreneurial activities of individuals or groups unaffiliated with the university; imply university endorsement of a partisan, political or religious position; serve as a conduit for organizations or individuals not affiliated with the university; or contain messages of a political or personal nature may not be sent unless (a) representative of a university position or Board of Trustees' action or (b) authorized under federal or state law or a ratified MOU.
IV. Responsibility
The Chief Information Officer will administer this Policy, and the Chief Information Officer or designee will serve as the university's Postmaster.
Senders of unsolicited electronic announcements will be held responsible for adhering to this Policy. Conduct that violates this Policy is subject to appropriate discipline, up to and including dismissal or expulsion. Questions concerning the appropriateness of an unsolicited electronic announcement may be directed to the Chief Information Technology Officer or designee.
Approved By: President's Administrative Board No prior version. Administered By: Chief Information Technology Officer Date: May 1, 2002
CSUF Faculty & Staff Password Policy
Based on CSU policy requirements and information security best practices, the campus password expiration guideline requires that all Faculty and Staff change their campus password during the months of February, May, and September.
CSUF Faculty & Staff Password Policy
CSU Responsible Use Policy
This policy is intended to define, promote, and encourage responsible use of CSU information assets among members of the CSU community. This policy is not intended to prevent, prohibit, or inhibit the sanctioned use of CSU information assets as required to meet the CSU’s core mission and campus academic and administrative purposes.
CSU Responsible Use Policy
Assessment results of this policy will be kept on record by Information Security Office.