The university establishes configuration settings for information resources to ensure they operate as expected.


  • The intended audience includes information resource owners and custodians; and pertains to information resources considered moderate or high impact.


  • 1

    The information resource owner, or designee, shall:

    • 1.1

      Establish mandatory configuration settings for components employed within the information resource;

    • 1.2

      Configure security settings of information resource components to the most restrictive mode consistent with operational requirements;

    • 1.3

      Document the configuration settings; and

    • 1.4

      Enforce the configuration settings in all components of the information resource.