University Information Technology Policies
A complete list of IT policies can be found on the CSU Policy Library, which provides the full text of university policies along with links to related procedures, documents and resources.
CSU Policy LibraryAcceptable Use for Computing and Networking Resources
This policy establishes what constitutes acceptable use of computing and data systems, equipment, and services at CSU to assure that they are available to everyone as needed for the University’s business needs.
Accessibility of Electronic Information and Technologies
This policy complements the Inclusive Physical and Virtual Campus Policy by deploying electronic and information technology (EIT) that is designed, developed, or procured to be accessible to everyone, including those who use assistive technologies.
Central Administrative Data Governance
This policy formalizes policies, procedures, and oversight for the CSU administrative data environment, balancing the issues of providing and accommodating access while ensuring that there are reasonable and prudent safeguards to protect and preserve the security, integrity and privacy of those data.
Domain Name Services
This document describes the University’s policy regarding how names in the colostate.edu domain is to be allocated.
Electronic Communications to Students
This policy exists to define the environment for students to receive official University communications that are necessary for their activities at CSU and limits the use of certain information systems and data provided by the University for purposes of communicating with students via email and text messaging.
Information Technology Security
CSU’s IT Security policies are presented in five sections: (1) general policies and guidelines that pertain to the University’s overall IT environment, and are the responsibility of the department owning the IT environment, (2) mandatory, minimum IT security policies that are to be applied to every CSU IT system, (3) specific requirements to protect credit card information, as mandated by the credit card industry, (4) policies for the use of external Cloud resources to store CSU data, and (5) defines the governance of these policies.
Information Collection and Personal Records Privacy
This policy addresses access to and use of certain personally identifiable information stored in paper or electronic form.
Mobile Communications
This policy provides mobile communications devices and services for use by University employees, primarily for non-compensatory University business purposes.
Network Identity (NetID)
This policy defines the NetID system, which provides a simplified and secure form of authentication and authorization across multiple university electronic systems and services. It also requires all students and university employees to have a NetID and gives guidance on how NetID is used at CSU.
Red Flags
This program was developed with oversight and approval of the Board of Governors of the Colorado State University System as an Identity Theft Prevention Program pursuant to the Federal Trade Commission’s Red Flags Rule.
Division of IT Standards & Processes
Change Freeze Periods
The Division of IT sets standard change freeze periods during the start and end of each term.
Classroom Standards
Visit Classroom Support Services for information on general and AV classroom standards.
Credit Card Security
Merchants at Colorado State University that take credit card payments for goods and services are required to comply with the Payment Card Industry Data Security Standard (PCI-DSS), whether conducting e-commerce, mail-order/telephone-order, mobile, or retail transactions.
Email Sending Limits
Visit Email Sending Limits for the sending limitations that apply to Colorado State and CSU Pueblo Microsoft 365 (M365) email accounts.
Operating System Requirements
Devices used to access CSU resources must use software supported by the vendor and patched against vulnerabilities, including the operating system (OS) running the device. Visit End-of-Life and Out-of-Support Operating Systems for more information.
Security review for major IT purchases
All major IT purchases (those exceeding the dollar threshold for Documented Quotes) must go through a security review before the request for purchase will be approved to comply with state and federal requirements, as well as the CSU IT Security Policy. The Procurement department will forward all major purchase requests to the Division of Information Technology for review. A security review may request additional information from the vendor. To avoid undue delays, those planning to purchase a major IT system or service may request an evaluation in advance by emailing Chief Information Security Officer, Steve Lovaas. Visit IT Purchase Security Review for more details.
Technology Standards
The Division of IT provides support and training for software products that are current standards across campus. Visit Minimum Technology Standards for more information.
Telecom Standards & Agreements
Visit Networking & Telecommunications Policies & Agreements for information on phone policies, service rates, design standards, and communication room agreements.