Policy Name: Devices Connected to the OCC Computer Systems and Communications
Responsibility for Maintenance: Information Technology
Date of most recent
changes: June 19, 2015
Devices connected to
the OCC computer systems and communications networks must have adequate
controls, security, and maintenance to protect the College, its computer
systems and communications networks. Devices connected to the OCC computer
systems and communications networks must meet the security standards outlined
in the policy. OCC does not provide technical support for the use of personal
owned devices, equipment or software.
Reason for Policy
The College's ability
to conduct its business is dependent on reliable and secure access to its
computer systems and communications networks. The OCC computer systems and
communications networks and may be jeopardized by computers/workstations,
servers, and other devices that are not adequately maintained or protected from
virus, phishing, worm and other malicious and evolving cyber-risk and attacks.
Applicability of the Policy
This policy applies
to all devices connected to the OCC computer systems and communications
Title or Position
of Enterprise Infrastructure
Device can be a computer/workstation, laptop, server, printer, mobile device,
internet devices or any other instrument capable of connecting to and interacting with the OCC
computer systems and communications networks and/or other devices on the
computer systems and communications networks.
Principal User is an individual who is the primary user of, or the individual
or group responsible for the administration of a device.
the purposes of this policy, a device is considered compromised once it has
1. That its security is breached and that unauthorized processes or user(s) have access to and are able to control its data and/or
2. That it has been configured in a way that could threaten, harm, or interfere with the operation, integrity, or network access of other
3. That it is actively being used to threaten, harm, or interfere with
the operation, integrity, or network access of other devices.
4. Does not meet the security
standards outlined in this policy.
Device is considered vulnerable once it has been substantiated that known
actions necessary to prevent it from being compromised have not been taken -
despite those actions having been recommended by the Office of the Vice President & CIO or by
entities charged by the Vice President & CIO to secure the OCC computer systems and
Device is considered connected to the OCC computer systems and communications
networks when it is attached:
1. To a trusted port (not requiring authentication for its use) on the
2. To a port in the Residence Halls;
3. To an open Ethernet port (requiring authentication to a firewall
for its use) on the network;
4. To a wireless access point (requiring authentication for its use) on the
5. Through an ISP via a VPN (virtual private network) session;
6. Via connections established at institutions affiliated with the
College, such as Onondaga County offices; or
7. By any means that enables its access to the College network.
computer that delivers information and software to other computers linked by
Connecting a Device
to the College Network: A Principal User who connects a Device to the OCC
computer systems and communications networks is responsible for assuring the
Device is properly secured and protected against compromise. Specifically, any
Device connected to the OCC computer systems and communications networks must
- If a Server, be
housed and maintained in OCC’s IT computer room, or have received approval from
IT for an alternate arrangement.
- Have an authorized
static IP address or be appropriately registered for DHCP;
- Be configured to
run a supported version of an operating system for which patches for newly
identified security breaches are developed and distributed in a timely manner;
- Be configured in
such a way that known vulnerabilities - such as open FTP ports and open relays
- are eliminated or minimized;
- Be maintained in
such a way that patches which close known security breaches are applied as soon
as they become available;
- Have antivirus
software installed on it that runs continuously and is updated regularly;
- Be scanned and
determined to be free of viruses and other known compromises that may have been
introduced to its operating environment;
- Be used for
appropriate purposes related to the educational and research mission of the
College or to the conduct of its legitimate business activities; and
- The ID and
password allowing the highest level of administrative access to a server must
be escrowed with IT. That is, procedures for access to the administration
ID/Password for a server must be made available to IT’s Network Computing
management in the event of problems or emergency.
Security Standards for Mobile Devices
Connected to the OCC Network:
a non-trivial pass code with a minimum required length of four characters.
a mobile device is lost or stolen, the Helpdesk should be contacted at 498-2999
to facilitate network password changes or other security measures to prevent
loss of College data.
an inactivity timeout to automatically lock the device after a maximum of 10
Violations: Any Principal User who violates this
or other OCC policies, procedures, contractual obligations, or applicable state
or federal laws, will be subject to appropriate disciplinary and legal action,
including, but not limited to, the limitation or denial of access to OCC’s
computer systems and communications networks. Violators may also be subject to
disciplinary action, up to and including termination.
Any device to be connected to the campus network requires the knowledge
and authorization of the Information Technology department. OCC does not
provide technical support of personal owned device, equipment and/or software.
Unprotected or corrupted devices may cause outages and compatibility issues
with the OCC computing environment.
OCC reserves the
right to revoke access to computer systems and communications networks for
devices that fail to meet the security standards in this policy or may be
considered vulnerable or compromised.
The authorized use of Onondaga Community College’s computer systems and
communications networks by student, faculty, staff, and authorized visitors
shall be consistent with this Policy.
Approved by the
President June 29, 2009
Updated and approved
by the President April 14, 2014
Updated and approved
by the President June 19, 2015