Generative AI Security Standard

1.0 Purpose

The purpose of this standard is to ensure the appropritate use of the UAA network with the following objectives:

  1. To guarantee a high-availability, secure and productive network and computing infrastructure serving faculty, staff, students and patrons.
  2. To improve the ability of UAA/IT to monitor and manage campus internetworks from end to end.
  3. To establish guidelines for creation of network extensions within campus internetworks.
  4. To define the limited role and guidelines for creation and operation of private networks within campus internetworks.
  5. To define actions that will be taken by UAA IT when exceptions to this procedure are identified.

2.0 Standard

2.1 Scope of Standard

The scope of this standard includes all UAA-operated facilities, including all UAA campuses and extension offices.

2.2 General Standards

  1. Computer, printer, and network equipment referred to in this section is classified as user equipment as defined in Section 4.0.
  2. Any computer connected to a campus internetwork directly or indirectly though a network extension or private network must comply with the following:
    1. Use either UAA IT-provided DHCP or a valid UAA IT-assigned static IP address for network identification;
    2. Use UAA IT-provided DNS services;
    3. Ensure that client antivirus software is fully operational and running at all times when such software is available; standard client antivirus software approved by UAA IT will be used for computers/operating systems specified in an approved manner.
  3. All network-attached printers and peripherals will use either UAA IT-provided DHCP or a valid UAA IT-assigned static IP address for network identification.
  4. Users will not operate separate DHCP or DNS services unless approved by UAA IT prior to connection to a campus internetwork.
  5. All network devices connected to a campus internetwork must comply with the following:
    1. Network devices must be approved by UAA IT prior to purchase;
    2. Network device setup and configuration must be approved by UAA/IT prior to connection to a campus internetwork;
    3. Network devices must be configured to permit UAA IT surveillance access for monitoring.
  6. The management demarcation point for network extensions that are managed by users will be a campus internetwork switch port connected to the network device that creates the network extension.
  7. The management demarcation point for network extensions that are managed by UAA IT will be any port within the network extension.
  8. Under extraordinary circumstances a user may require creation of a private network within a campus internetwork.  UAA IT will create such private networks on private virtual local area networks (VLANs) within a campus internetwork.  Proposals for creation of all private networks outlining business and security needs will be approved by the Chief Information Officer prior to procurement and installation.
  9. No external networks will be permitted within UAA-operated facilities.

3.0 Procedures

  1. UAA IT personnel will conduct monitoring and surveillance activities of all network ports within campus internetworks, including network devices which create network extensions or private networks.
  2. Exceptions to the standards outlined in Section 2.0 that are noted during routine surveillance or due diligence associated with implementation of this procedure will be immediately investigated by UAA IT.
  3. UAA IT will disconnect non-conforming user equipment from a campus internetwork at a demarcation point defined as either the campus internetwork port or the demarcation point defined in Section 2.2.6 or Section 2.2.7 above until compliance with this procedure is achieved.
  4. During routine monitoring and surveillance activities, if UAA IT determines that user equipment connected to a campus internetwork has been compromised by an unauthorized person or is unexpectedly and adversely impacting a campus internetwork, every attempt will be made to immediately contact the owner of the equipment and request immediate resolution of the noted problem.
  5. If, after one (1) hour from problem identification by UAA IT the user cannot be contacted or the noted problem is not resolved, UAA IT will disconnect the user equipment from the campus internetwork at the demarcation point specified in Section 2.2.6 or Section 2.2.7 above.
  6. Users whose user equipment has been disconnected from a campus internetwork will provide UAA IT with proof of resolution of problem(s) noted in Section 3.0.4 above prior to re-connection.

4.0 Definitions

See IT Policies and Standards Definitions.

5.0 References

Acceptable Use Policy - University IT Policy 104
/about/administrative-services/policies/information-technology/acceptable-use.cshtml 

University of Â鶹ÎÞÂë°æ Board of Regents Policy & Regulations

6.0 Standard Information

Standard Effective Date: 12/15/2004
Standard Revision Date: 02/25/2025
Standard Owner: Ryan McDaniel - Associate Vice Chancellor and CIO
Standard Author: Ryan McDaniel - Associate Vice Chancellor and CIO

(Release 02.07.1c, dated 12/15/04)