For all units that accept credit cards as a method of payment for goods or services in relation to university business/operations, Cornell University requires compliance with Payment Card Industry – Data Security Standards (PCI-DSS) protocols, and with the procedures outlined in this document.
Cornell University requires people who use its information technology resources to do so in a responsible manner, abiding by all applicable laws, policies, and regulations.
Cornell University expects all individuals using information technology devices connected to the Cornell network to take appropriate measures to manage the security of those devices.
Users of information technology devices connected to the Cornell network must report all electronic security incidents promptly and to the appropriate party or office.
Cornell University owns and operates its electronic mail (e-mail) infrastructure, which must be managed for the entire university community in a manner that preserves a level of privacy and confidentiality in accordance with relevant laws, regulations, and university policy.
Cornell University requires the central recording of all domain names purchased with Cornell funds and the registration of those names within the cornell.edu domain or served by Cornell domain name servers.
Cornell University requires network administrators or users to register all devices (including wireless hubs and switches) connected to the network in a continuously updated central CIT network registry service.
Cornell University owns and manages university electronic identifiers. In the course of its business and missions, it provides its community with access to information technology (IT) resources, such as email, internet, and network devices through these identifiers.
Cornell University expects all data stewards and custodians who have access to and responsibilities for university data to manage it as set forth in this policy.