Policies

  • Digital Certification

    Definitions

    SSL secured session - An SSL session always begins with an exchange of messages called the SSL handshake. The handshake allows the server to authenticate itself to the client by using public-key techniques, and then allows the client and the server to cooperate in the creation of symmetric keys used for rapid encryption, decryption, and tamper detection during the session that follows.

     

  • Credit Card Payment Processing and PCI Security

    Purpose & Scope

    SF State is committed to limiting the proliferation of sensitive data and maintaining the security of customer information, including payment cardholder information such as payment card account number, expiration date, and payment cardholder verification number. To uphold this commitment, SF State follows the best practices for protecting payment card information as required by merchant banks and controls recommend by the Payment Card Industry Security Standards Council.

  • Change Control

    Purpose and scope

    This Practice Directive defines requirements for system change management for San Francisco State University-owned information technology systems, network resources (such as switches, routers and firewalls) and applications.

    Practice Directive

    All information technology systems, network resources and applications owned by San Francisco State University will be administered according to a documented and management approved change control process.

  • Analog Modem Security and Requests

    Purpose and Scope

    This Practice Directive is applicable to all SF State departments and operational units operating network devices, production servers, academic systems, and academic servers. This document describes San Francisco State University's Practice Directives for analog lines connecting modems to computers.

    Practice Directive

    Computer-to-Analog Line (Modem) Connections

    Remote access should occur via secure and approved methods such as VPN rather than via modems wherever possible.  Therefore, effective August 1, 2010:

  • Administrative Account Access Control

    Purpose and Scope

    This Practice Directive provides direction and support for managing access to SF State information assets and guidance for granting access to SF State information assets, separating duties of individuals who have access to SF State information assets, conducting reviews of access rights to SF State information assets and modifying users' access rights to SF State information assets.

  • Procurement Card & University Liability Cards

    The P-Card should be the primary means to obtain approved supplies costing $2,500 or less per transaction (including tax and shipping). Cardholders are encouraged to use the Procurement Card for such purchases to achieve cost savings for the university and improve processing time. Use of the P-Card reduces the traditional and labor intensive procurement process for these types of purchases. 

  • Online Directory

    Purpose & Scope

    SF State University promotes communication among all members of the University community and the public that it serves. To enhance communication, the University is committed to maintaining an online directory that contains current contact information of all current SF State faculty and staff.

     

  • Active Directory

    Purpose & Scope

    Active Directory (AD) is a directory of people, computers, and groups that provides a way to manage security, software and other aspects of the computers. Through the central AD services, Information Technology Services (ITS) is able to provide authentication to the computers participating in the AD using SF State ID, eliminating the need for a separate local or other accounts.