Site Menu
- Policy
- University
- State & Federal
- Institutional Data
- Tools & Templates
- Standards & Frameworks
- FAQ
- Links
- Contact Us
- Site Map
What's New?
Gramm-Leach-Bliley Training New training created for those with access to customer information at the university.
Units Can Access Information Security Monthly Status Reports via Web Form Colleges and administrative units can submit their monthly information security status reports online using a web form. Use the links below to access the form and download instructions.
Hot Topics
- Institutional Data Policy Training
- Data Classification
- Implementation Plan
- University Security Standards (UCSS)
- Relevant Federal Laws & Regulations
Incident Response
University Computer Security Standards
Link to Compensating Control & Exception Request page
The Ohio State University data network is a shared resource used by the entire university community and its affiliates in support of the university’s business practices and academic missions. Access to the data network is both an essential tool for university life and work and a valuable privilege. University units and community members must cooperate to protect the network by securing computer and network devices in order to preserve that access.
The Chief Information Officer (CIO) is responsible for the efficient, effective and secure operation of the university data network. Concurrently, academic, administrative and support units are responsible for the efficient, effective and secure operation of their local networks.
The University Computer Security Standard (UCSS) is designed to help protect the university’s central and distributed telecommunications and computing environment from accidental or intentional damage and from alteration or theft of data while preserving university community members’ appropriate access and use.
The UCSS is comprised of multiple standards that include:
- Minimum Computer Security Standard (MCSS) - The security standard that applies to all computer and telecommunications devices, whether owned by the university, a university community member or a 3rd party organization, that connect to the university data network or support infrastructure either directly or indirectly.
- Critical Server Security Standard (CSSS) - This standard applies to all servers that have been deemed 'critical' based on the criteria in CSSS.
- Web Service Security Standard (WSSS) - This standard establishes security requirements for web applications, web services and web servers that are critical to The Ohio State University.
- Database Server Security Standard (DSSS) - Establishes security requirements for database servers that are critical to The Ohio State University.
Requesting approval of a compensating control or exception for any of the above standards can be done by filling out a web form at this location.
Frequently Asked Questions
FAQ for the above standards are found on the UCSS FAQ page.
Comments on this standard should be sent to ITSecurity@osu.edu
Further Questions?
If you have a question about any of the above standards, please use the form below to contact the Office of the CIO. We will respond to your inquiry as soon as possible.
