Guidelines
Guidelines are general recommendations or instructions that provide a framework for achieving compliance with one or more Policies. They use terms such as "should" and "should not" and are not by themselves enforceable. Guidelines are usually tailored to a specific technology or environment. As a result, Guidelines are reviewed and updated more frequently than Policy. Guidelines published by the Information Security Office go through a formal review process that includes review by Computing Services, the Departmental Computing Group and other University stakeholders identified on a case-by-case basis. The following are Guidelines published by the Information Security Office unless noted. If you have any questions, comments or concerns related to these Guidelines, please get in touch with the ISO at iso@andrew.cmu.edu unless otherwise noted.
Please contact the Data Governance Office at dgo@andrew.cmu.edu with your questions, comments, or concerns.
Computing Services publishes guidance on various other topics. These Guidelines can be found by clicking here.