Carnegie Mellon University


Guidelines are general recommendations or instructions that provide a framework for achieving compliance with one or more Policies.  They use terms such as "should" and "should not" and are not by themselves enforceable.  Guidelines are usually tailored to a specific technology or environment.  As a result, Guidelines are reviewed and updated more frequently than Policy.  Guidelines published by the Information Security Office go through a formal review process that includes review by Computing Services, the Departmental Computing Group and other University stakeholders identified on a case-by-case basis. The following are Guidelines published by the Information Security Office unless noted.  If you have any questions, comments or concerns related to these Guidelines, please get in touch with the ISO at unless otherwise noted.

Name  Version
Last Updated
Guidelines for Appropriate Use of Administrator Access 1.3 12/01/2007 09/13/2023
Guidelines for Bulk Email Distribution 1.4 10/01/2007 09/08/2023
Guidelines for Data Classification 2.0 09/15/2009 04/14/2023
Guidelines for Data Protection 2.0 01/31/2020 02/22/2022
Guidelines for Data Sanitization and Disposal (Part of the Guidelines for Data Protection) 2.0 01/31/2020 02/22/2022
Guidelines for Email Retention 1.0 11/13/2020 09/11/2023
Guidelines for Instant Messaging Security and Usage 1.0 07/21/2006 09/12/2023
Guidelines for Internal Data Sharing and Use* 1.0 02/14/022 02/14/2022
Guidelines for Mobile Device Security and Usage 1.1 03/01/2005 09/12/2023
Guidelines for Open Mail Relay Security 1.1 06/08/2004 09/13/2023
Guidelines for Password Management 1.6 12/01/2007 09/13/2023
Guidelines for Proxy Server Security 1.1 06/20/2004 09/13/2023
Guidelines for Recursive DNS Server Operations 1.1  02/27/2003 09/13/2023
Guidelines for Web Server Security 1.0 10/28/2005 09/13/2023
Guidelines for Windows Administrator Accounts 1.0 04/11/2006 09/13/2023
*Please contact the Data Governance Office at with your questions, comments, or concerns.

Computing Services publishes guidance on various other topics.  These Guidelines can be found by clicking here.