Governor's State University
Apply Now

Acceptable Use Policy for Computing and Networking (Policy 64)

Approved By:

President Cheryl Green

Issued:

Revised:

Revised: 11/06/2023

Last Reviewed:

Related Policies:

Policy Owner / Contact Person:

Information Technology Services

Additional References:

Policy Categories:

Information Technology Policies

  1. Policy Statement

    The GovState Network is provided to support education, research, and the public service mission of 
    the University, and its use is limited to those purposes. This policy describes the base 
    responsibilities required of GovState Network users.

  2. Purpose

    This purpose of this policy is to establish guidelines to support the usability, safety, and security of the GovState Network.

  3. Scope

    This policy is in effect for all users of the Governors State University (GovState) Network. 

  4. Roles and Responsibilities

    Individuals are required to comply with the components of this policy as applicable. 

  5. Credit and Source

    This policy was developed internally.

  6. Definitions
    1. Individual - Any person that accesses or consumes technology services (data, systems, 
      printers, and other resources) provided by the University. 
    2. GovState Network (the Network) – The data, data storage, communication, and computing 
      systems established, maintained, and or administered by the University.
    3. Security Risk – Something that could compromise the confidentiality, integrity, or 
      availability of University data.
    4. Application Owner – The GovState individual or department responsible for a specific 
      application. 
    5. Server Administrator – The GovState individual or department responsible for the operation 
      and maintenance of a specific server. 
    6. Academic Freedom – Academic freedom gives both students and faculty the right to express their views — in speech, writing, and through electronic communication, both on and off campus — without fear of sanction, unless the manner of expression substantially impairs the rights of others.
    7. Fair Use – Under the "fair use" rule of copyright law, an author may make limited use of 
      another author's work without asking permission. The fair use privilege is perhaps the 
      most significant limitation on a copyright owner's exclusive rights. 
    8. Family Educational Rights and Privacy Act (FERPA) – The Family Educational Rights and 
      Privacy Act (FERPA) (20 U.S.C. § 1232g; 34 CFR Part 99) is a Federal law that protects the 
      privacy of student education records. The law applies to all schools that receive funds 
      under an applicable program of the U.S. Department of Education. FERPA gives parents 
      certain rights with respect to their children's education records. These rights transfer to 
      the student when he or she reaches the age of 18 or attends a school beyond the high 
      school level. 
    9. Mobile Devices - Any device which is easily portable of which includes, but not limited to 
      laptops, tablets, and smartphones.
  7. Policy

    1. Adherence to Other Policies

      All users must adhere to applicable university policies and procedures regarding the use 
      and security of the GovState Network. 

    2. Laws and Regulations
      1. Individuals will comply with applicable laws and regulations. Examples include 
        the following: 
        1. The Family Educational Rights and Privacy Act of 1974 (FERPA) 
        2. The Health Insurance Portability and Accountability Act (HIPAA) of 1996 
        3. The Illinois Identity Protection Act (5 ILCS 179/1, et seq.) 
        4. The Illinois Personal Information Protection Act (815 ILCS 530/1)
    3. Information Security
      1. Security Awareness Training – Access to the Network will only be granted to 
        individuals that have taken University-provided security awareness training 
        within the previous 12 months. Access to the Network may be suspended if an 
        individual fails to complete training within 12 months of the previous training. 
      2. Security Risks - In the event of a suspected security risk, ITS may take 
        appropriate action including revoking access to the Network. Suspected security 
        risks may be investigated and reported to the appropriate authorities. 
      3. Compromised Devices – Any device suspected of having its security 
        compromised will be immediately removed from the Network and completely 
        erased prior to being returned to service. Potentially compromised devices may 
        also be forensically imaged and/or retained for additional investigation before 
        being returned to service. 
      4. Confidentiality – Data collected in response to a suspected or confirmed 
        security incident is classified as ‘restricted’ under the GovState Data Classification 
        Policy. No disclosure of this data can be made without the approval of the GovState 
        General Counsel. 
      5. Application Owner and Server Administrator Responsibilities – Application 
        owners and Server administrators are responsible for the security of the 
        systems and data under their control and must follow all established rules to 
        ensure the confidentiality, integrity, and availability of the information 
        contained or processed therein. 

    4. Academic Freedom

      Principles of academic freedom and the laws that govern “Fair Use” apply in full 
      to electronic information and communications.

    5. GovState Network Access 
      1. Individual campus units and departments that provide access to the GovState
        Network are responsible for ensuring that use is consistent with University 
        policies and contractual obligations governing the software and/or services 
        offered on the GovState Network. 
      2. The Network may not be used for commercial or political purposes and may not 
        be used by non-University entities, except as specified by contract. 
    6. Remote Access
      1. Remote access to the GSU Network is provided as needed via a virtual private 
        network (VPN). All VPN users must utilize their University-provided account and 
        multi-factor authentication.
      2. Remote access granted to third parties must be disabled when not actively used 
        and must be actively monitored while in use. 
    7. Accounts and Passwords
      1. Except where not possible and explicitly authorized, access to any Network 
        resource, server, application, and/or service must utilize the University’s Single 
        Sign-On service and multi-factor authentication. 
      2. Except where required for public access or otherwise explicitly authorized, 
        access to the Network will require a unique account for each individual. 
        1. The University will provide Individuals with an account for the purposes 
          of accessing the Network in conjunction with their University-related 
          activities. 
        2. Accounts may not be used by anyone aside from the individual to which 
          the account is assigned. 
        3. Individuals must choose a password for their account. Password 
          requirements are located in the Policy 64 Procedures document.
        4. Accounts will be temporarily locked after a certain number of 
          incorrect authentication attempts. 
        5. Passwords may not be shared or disclosed to others.

    8. Resource Consumption

      Any use of the GovState Network that noticeably degrades services to others will be 
      reviewed by ITS. Exceptional measures, such as suspension of accounts or lowering the 
      service priority of the offending application may be initiated, if needed, to protect the 
      quality of service to others. 

    9. Copyright

      Unauthorized materials and/or software in violation of copyright will be removed from 
      the Network. See the Policy on Fair Use of Copyrighted Material for additional 
      information.

    10. Domains

      Only ITS approved and registered domains may be operated within the GSU Network address space.

    11. Monitoring and Scanning

      To ensure security, availability, and compliance with policies, procedures, laws, and 
      other regulations: 

      1. Network and system activity may be logged and monitored. 
      2. Devices connected to the Network may be scanned for enumeration and 
        vulnerability management. 

    12. Recommended Travel Guidelines

      Anyone taking any electronic devices that can store or communicate data, such as 
      laptop computers, compact and portable storage devices, GPS systems, phones, mobile 
      devices, and their associated software to another country should contact ITS staff to 
      ensure devices are in a “clean” state as defined by federal regulation (U.S. Treasury 
      Department’s Office of Foreign Assets Control – OFAC).

    13. Data Security
      1.  All University owned laptops and mobile devices must be encrypted using 
        approved encryption technology. 
      2. Non-public University data must be encrypted during transmission. 
      3. Non-public University data may not be stored on unencrypted removable 
        media. 
      4. Non-public University data may only be stored or processed on devices, storage 
        media, or services owned or explicitly authorized by the University. 
      5. The transmission of non-public University data to third parties is prohibited 
        unless explicitly authorized by the University. 
      6. The use of unauthorized applications and third-party service providers to store 
        or process non-public University data is prohibited.

    14. Unauthorized Wireless Networks

      Wireless Networks implemented and/or maintained by departments or individuals are 
      not permitted.

    15. Violations and Appeals

      Suspected unauthorized activities will be investigated and ITS may limit or revoke access 
      to the GovState Network. Individuals, who have had their access limited or revoked, may 
      appeal the Institutional Policy Committee.