Site Menu
- Policy & Standards
- University
- Institutional Data
- Disclosure or Exposure of Personal Information
- Responsible Use of University Computing and Network Resources
- Archives and Records Retention
- Merchant Services & Use of Credit Cards
- Deployment and Use of Wireless Data Networks
- Statement on Public Records
- Draft Identity Theft Red Flags
- State & Federal
- Institutional Data
- Training
- Tools & Templates
- Standards & Frameworks
- FAQ
- Alternative Identifiers
- Data Classification and Access Control
- Gramm-Leach-Bliley Training
- Identity Theft Red Flag Training
- Information Security Implementation Plan
- Institutional Data Policy
- Institutional Data Policy Training
- Red Flags
- Restricted Data
- Social Security Numbers
- University Security Standards
- Campus Resources
- Contact Us
- Site Map
What's New?
- Identity Theft Red Flags Training begins.
- Learn about an IT Security Framework.
Hot Topics
- Institutional Data Policy Training
- Restricted Data Elements
- Implementation Plan
- University Security Standards (UCSS)
- Relevant Federal Laws & Regulations
2008-2009 IT Security Implementation Plan update!
The dates for the quarterly implementation plan submissions have been updated to reflect the 2008-2009 schedule.
Incident Response
University Computer Security Standards
Link to Compensating Control & Exception Request page
The Ohio State University data network is a shared resource used by the entire university community and its affiliates in support of the university’s business practices and academic missions. Access to the data network is both an essential tool for university life and work and a valuable privilege. University units and community members must cooperate to protect the network by securing computer and network devices in order to preserve that access.
The Chief Information Officer (CIO) is responsible for the efficient, effective and secure operation of the university data network. Concurrently, academic, administrative and support units are responsible for the efficient, effective and secure operation of their local networks.
The University Computer Security Standard (UCSS) is designed to help protect the university’s central and distributed telecommunications and computing environment from accidental or intentional damage and from alteration or theft of data while preserving university community members’ appropriate access and use.
The UCSS is comprised of multiple standards that include:
- Minimum Computer Security Standard (MCSS) - The security standard that applies to all computer and telecommunications devices, whether owned by the university, a university community member or a 3rd party organization, that connect to the university data network or support infrastructure either directly or indirectly.
- Critical Server Security Standard (CSSS) - This standard applies to all servers that have been deemed 'critical' based on the criteria in CSSS.
- Web Service Security Standard (WSSS) - This standard establishes security requirements for web applications, web services and web servers that are critical to The Ohio State University.
- Database Server Security Standard (DSSS) - Establishes security requirements for database servers that are critical to The Ohio State University.
Requesting approval of a compensating control or exception for any of the above standards can be done by filling out a web form at this location.
Frequently Asked Questions
FAQ for the above standards are found on the UCSS FAQ page.
Comments on this standard should be sent to ITSecurity@osu.edu
Further Questions?
If you have a question about any of the above standards, please use the form below to contact the Office of the CIO. We will respond to your inquiry as soon as possible.
