Carnegie Mellon University Website Home Page
 

Guidelines 

Guidelines are general recommendations or instructions that provide a framework for achieving compliance with one or more Policies.  They use terms such as "should" and "should not" and are not by themselves enforceable.  Guidelines are usually tailored to a specific technology or environment.  As a result, Guidelines are reviewed and updated more frequently than Policy.  Guidelines published by the Information Security Office go through a formal review process that includes review by Computing Services, the Departmental Computing Group and other University stakeholders identified on a case-by-case basis. The following are Guidelines published by the Information Security Office.  If you have any questions, comments or concerns related to these Guidelines, please don't hesitate to contact us at iso@andrew.cmu.edu


Name  Version
Published
Last Updated
Guidelines for Appropriate Use of Administrator Access 1.0
12/01/2007
N/A
Guidelines for Bulk Email Distribution
1.0
10/01/2007
N/A
Guidelines for Copyright Violations
1.1
07/11/2003
10/17/2005 
Guidelines for Data Classification 1.0 09/15/2009 09/15/2011
Guidelines for Data Protection 1.0 09/15/2009 09/15/2011
Guidelines for Data Sanitization and Disposal (RETIRED)
1.0
10/01/2007
N/A
Guidelines for Instant Messaging Security and Usage
1.0
07/21/2006
07/21/2006 
Guidelines for Mobile Device Security and Usage
1.1
03/01/2005
10/18/2005
Guidelines for Open Mail Relay Security
1.1
06/08/2004
11/03/2005
Guidelines for Password Management 1.2 12/01/2007
09/13/2012
Guidelines for Proxy Server Security
1.1
06/20/2004
11/03/2005
Guidelines for Recursive DNS Server Operations 1.1  02/27/2003
10/17/2005
Guidelines for Web Server Security
1.0 10/28/2005 N/A
Guidelines for Windows Administrator Accounts
1.0
04/11/2006
N/A


Computing Services publishes guidance on various other topics.  These Guidelines can be found by clicking here.