Guidelines

Guidelines are general recommendations or instructions that provide a framework for achieving compliance with one or more Policies. They use terms such as "should" and "should not" and are not by themselves enforceable. Guidelines are usually tailored to a specific technology or environment. As a result, Guidelines are reviewed and updated more frequently than Policy. Guidelines published by the Information Security Office go through a formal review process that includes review by Computing Services, the Departmental Computing Group and other University stakeholders identified on a case-by-case basis. The following are Guidelines published by the Information Security Office. If you have any questions, comments or concerns related to these Guidelines, please don't hesitate to contact us at iso@andrew.cmu.edu.

Name	Version	Published	Last Updated
Guidelines for Appropriate Use of Administrator Access	1.0	12/01/2007	N/A
Guidelines for Bulk Email Distribution	1.0	10/01/2007	N/A
Guidelines for Copyright Violations	1.1	07/11/2003	10/17/2005
Guidelines for Data Classification	1.0	09/15/2009	09/15/2011
Guidelines for Data Protection	1.0	09/15/2009	09/15/2011
Guidelines for Data Sanitization and Disposal (RETIRED)	1.0	10/01/2007	N/A
Guidelines for Instant Messaging Security and Usage	1.0	07/21/2006	07/21/2006
Guidelines for Mobile Device Security and Usage	1.1	03/01/2005	10/18/2005
Guidelines for Open Mail Relay Security	1.1	06/08/2004	11/03/2005
Guidelines for Password Management	1.2	12/01/2007	09/13/2012
Guidelines for Proxy Server Security	1.1	06/20/2004	11/03/2005
Guidelines for Recursive DNS Server Operations	1.1	02/27/2003	10/17/2005
Guidelines for Web Server Security	1.0	10/28/2005	N/A
Guidelines for Windows Administrator Accounts	1.0	04/11/2006	N/A

Computing Services publishes guidance on various other topics. These Guidelines can be found by clicking here.