IT Administrative Regulations, Policies, Standards, Guidelines, Etc.

Note: To view the links with an asterisk, you will need to sign in using your linkblue credentials.
For questions, please contact Enterprise Cybersecurity: Cybersecurity@uky.edu.

Administrative Regulations

Administrative Regulations are policies adopted by the President to implement the Governing Regulations and provide for the general administration and oversight of the University. Chapter 10 addresses Information Technology.

• AR 10:1 - Policy Governing Access to and Use of University Information Technology Resources
• AR 10:2 - Information Technology Governance
• AR 10:3 - Institutional Data Management and Systems Acquisition
• AR 10:4 - Social Media Policies and Guidelines
• AR 10:5 - Electronic Signatures Policies and Procedures
• AR 10:7 - Security of Data
• AR 10:8 - Security of Information Technology Resources
  
  

Enterprise Policies

Enterprise IT policies are adopted by the Chief Information Officer to implement and enhance the University’s cybersecurity approach and provide for the general technology administration and oversight of the University.  These policies are high-level, mandatory statements used to define a course of action to govern behavior related to technology and cybersecurity and address specific systems, methods, and techniques.

• ITP 11:5 - Electronic Information and Computer Media Disposal Policy*
• ITP 11:10 - Access Control Policy*
• ITP 11:15 - Risk Management Policy* 
• ITP 11:20 - Data Center Physical & Environmental Protection Policy*
• ITP 11:25 - Administrator Rights for Machines *
• ITP 11:30 - Authentication Policy *
• ITP 11:35 - Baseline Configuration Policy
• ITP 11:40 - Copyright Compliance Policy
• ITP 11:45 - Domain Administrator Policy *
• ITP 11:50 - Elevated Rights Account on Enterprise Systems Audit
• ITP 11:55 - Information Security Policy
• ITP 11:60 - Local Administrator Password Solution Policy
• ITP 11:65 - Public Internet Access and Remote Access Policy (Public IP & RDP)
• ITP 11:70 - HealthCare Password Policy
• ITP 11:75 - Distance Learning Classroom Scheduling Policy
• ITP 11:80 - Smart Campus Student Responsibility & Liability Agreement for University-Owned Technology
• ITP 11:85 - Change Management Policy*
• ITP 11:90 - Gramm Leach Bliley Act (GLBA) Policy* 

Facilities Management IT Policies

Official Design Standards -  Top level page

Division 1 - General Requirements

• 010000S09- Design Guidelines for Greek Park (Guidelines for network infrastructure in new or renovated facilities)

Division 27 - Communications

• 270000S01 - Communications (Construction specifications related to communications systems)
• 274000 - Audio Video Communications (Audiovisual Standard) 5.18 Network and Security Infrastructure Requirements can be found in this document.

HealthCare Policies

UK HealthCare IT policies are approved and by adopted by the Chief Information Officer to implement and enhance the University’s cybersecurity approach and provide for the general technology administration and oversight of the healthcare enterprise.  These policies are high-level, mandatory statements used to define a course of action to govern behavior related to technology and cybersecurity and address specific systems, methods, and techniques. UK HealthCare specific policies can be found here. 

Standards

Standards are adopted by the Chief Information Officer to provide prescribed levels or criteria to follow when applying policies throughout the University.

• ITS 12:1 - Encryption Standard*
• ITS 12:10 - Data Classification Standard*
• ITS 12:15 - Minimum Security Standard for Endpoint Devices
• ITS 12:20 - Servers and Enterprise Applications Security Standard
• ITS 12:25 - Standard for Elevated Rights Accounts
• ITS 12:30 - Vulnerability Remediation
• ITS 12:35 - Web Applications Standards *
• ITS 12:40 - Enterprise Support End of Life Standard

Guidelines

Guidelines are adopted by the Chief Information Officer and are best practices designed to achieve policy objectives where factors may prevent rigid requirements.

• ITG 13:1 - Cybersecurity Best Practices for macOS devices
• ITG 13:5 - Password Guidelines for Elevated Rights Accounts 
• ITG 13:10 - Student Hardware & Software Guidelines
• ITG 13:15 - Technology Guidelines for Working Remotely
• ITG 13:20 - Best Practices for IoT, SCADA, and BacNet Devices
• ITG 13:25 - Best Practices for Keeping A Windows PC Updated 
• ITG 13:30 - Chat, Team, and Channel Best Practices for Microsoft Teams
• ITG 13:35 - Teams Document Sharing Best Practices
• ITG 13:40 - Cybersecurity Best Practices When Working Remotely
• ITG 13:45 - Best Practices For Working at Home

Procedures

Procedures are adopted by the Chief Information Officer and provide individual, discrete steps employees follow when performing duties that are repeatable or operational.

IT procedures

• ITR 14:1 - Enterprise Cybersecurity Incident Response Plan *
• ITR 14:5 - How do I resolve a DMCA or copyright compliance violation?
• ITR 14:10 - IT Policy Procedure
• ITR 14:15 - Change Management Procedure*

UK Business procedures (IT related)

• Q-1-1 - UK Business Procedure: General IT Responsibilities
• Q-1-2 - UK Business Procedure: Policy for Use of Cell Phone Provided to Employees
• Q-1-3 – UK Business Procedure: How to Obtain IT Communication Services
• Q-1-4 – UK Business Procedure: IT Billing Services
• Q-1-5 – UK Business Procedure: IT Service Center
• Q-1-6 – UK Business Procedure: Electronic Signatures 

Baselines

Baselines are adopted by the Chief Information Officer and serve as a specific set of instructions or documents that contain configuration requirements.

• ITB 15:1 - Test Account Lifecycle Management
• ITB 15:5 - Security Breach Notification Requirements