Carnegie Mellon University

Documentation Index

Assessments

Name Version
Published
Last Updated
Security Assessment Process Flow Diagram 1.0 05/03/2006 02/11/2014
Security Assessment Questionnaire 1.5 01/29/2007 02/11/2014

Guidelines

Name  Version
Published
Last Updated
Guidelines for Appropriate Use of Administrator Access 1.0 12/01/2007 N/A
Guidelines for Bulk Email Distribution 1.0 10/01/2007 N/A
Guidelines for Copyright Violations 1.1 07/11/2003 10/17/2005 
Guidelines for Data Classification 1.0 09/15/2009 09/15/2011
Guidelines for Data Protection 1.0 09/15/2009 09/15/2011
Guidelines for Data Sanitization and Disposal (RETIRED) 1.0 10/01/2007 N/A
Guidelines for Instant Messaging Security and Usage 1.0 07/21/2006 07/21/2006 
Guidelines for Mobile Device Security and Usage 1.1 03/01/2005 10/18/2005
Guidelines for Open Mail Relay Security 1.1 06/08/2004 11/03/2005
Guidelines for Password Management 1.1 12/01/2007 05/14/2008
Guidelines for Proxy Server Security 1.1 06/20/2004 11/03/2005
Guidelines for Recursive DNS Server Operations 1.1  02/27/2003 10/17/2005
Guidelines for Web Server Security 1.0 10/28/2005 N/A
Guidelines for Windows Administrator Accounts 1.0 04/11/2006 N/A

Policies

Name  Version
Published
Updated
Data and Computer Security Policy (RETIRED) 1.1 05/01/1990 04/01/2001
Gramm-Leach-Bliley Act Information Security Program Policy 1.0 05/16/2003  N/A
HIPAA Information Security Policy 1.0 02/15/2008 N/A
Information Security Policy 1.0 12/17/2008 N/A
University Computing Policy 1.0 05/16/2003 N/A

Procedures

Name  Version
Published
Updated
Procedure for Employee Separation 1.0 10/08/2008 N/A
Procedure for Requesting Access to Network Data for Research 1.1 07/06/2006 09/04/2007
Procedure for Responding to a Compromised Computer 2.0 05/11/2006 04/18/2008

Regulatory Compliance

Name  Version
Published
Updated
HIPAA Security Frequently Asked Questions 1.0 02/15/2008 N/A
HIPAA Security Rule Policy Map 1.0 02/15/2008 N/A

Roles & Responsibilities

Name  Version
Published
Updated
Information Security Roles & Responsibilities (DRAFT) 1.0 09/21/2009 09/15/2011

Standards

Name  Version
Published
Updated
Site to Site VPN Standards (DRAFT) 0.1 12/12/2007 N/A