Standards

Standards describe a specific use of technology, often applied to hardware and software. Standards support disaster recovery, and are mandatory like policies.

The following standards are in DRAFT format and will be updated in the near future. Once complete and approved, they will be removed from DRAFT status.

Client Computing Security Standard (CCSS)

  • Requires computers to use firewall software, have current software, anti-malware software and have a user name and password.

Critical Server Security Standard (CSSS)

  • Defines specific mandatory requirements for servers that have been deemed critical.

Database Server Security Standard (DSSS)

  • Defines specific mandatory requirements for database servers that have been deemed critical.

Web Server Security Standard (WSSS)

  • Defines specific mandatory requirements for web servers that have been deemed critical.

Local Administrative Privilege Standard (LAPS)

  • Defines requirements for developing a local administrative privilege process and plan.

Server Security Baseline Standard

  • Defines security baselines that must be implemented to harden the security of a server. 
  • University of Cincinnati Information Security
  • 132/134 University Hall
  • 51 Goodman Drive
  • Cincinnati, OH 45221