NET-S009 Data Protection and Logging

The online version of this policy is official. Therefore, all printed versions of this document are unofficial copies.

1.0    SCOPE:  
1.1    This Standard describes the protection of data in transit and the use of data logs as a record of activity on a network appliance.

2.0    RESPONSIBILITY:  
2.1    Director of Network Services

3.0    APPROVAL AUTHORITY:
3.1    Chief Information Officer

4.0    DEFINITIONS:
4.1    802.1x: an IEEE standard that provides port-based access with protected authentication and data encryption methods.

5.0    Standard:
5.1    All wireless network traffic will be encrypted while in transit. This standard addresses NCSR PR.DS-2.
          5.1.1    The majority of university WiFi users access the wireless network using the 802.1x authentication process. All data crossing the 802.1x connection is encrypted.
          5.1.2    There are a couple scenarios where WiFi access is done via pre-shared key rather than 802.1x. Although the data in transit is encrypted, the level of encryption is far weaker than when using 802.1x.
5.2    Network Services will retain and use logs generated by network appliances. Those devices include the firewall, network access control unit, routers and switches. This standard addresses NCSR PR.PT-1.
          5.2.1    The aforementioned appliances all create and store logs locally in temporary or permanent memory. The amount and duration of log retention is currently determined by the ability of the appliance. Depending on the device, retention can be as short as a few hours and as long as three months. The amount of data is determined by the amount of available memory in the appliance. Data capacity can range from a couple hundred lines to millions.
          5.2.2    Logs are used as a reactionary tool. When an event occurs that requires analysis, log review takes place to assist with data collection that’s relevant to the targeted event.

6.0    ASSOCIATED DOCUMENTS:
6.1    NCSR POAM

7.0    RECORD RETENTION TABLE:

Identification Storage Retention Dispostion Protection
NA NA NA NA NA

8.0    REVISION HISTORY:
Date:    Rev.    Description of Revision:
2/1/2024        Initial Release
        


***End of Standard***