Policies

Policy on the Acceptable Use of Information Technology Resources

IT resources are provided to support the academic, research, instructional, and administrative objectives of the university. The UMD Policy on the Acceptable Use of Information Technology Resources sets forth standards for responsible and acceptable use of university information technology (IT) resources. These resources include computer systems, computer labs, applications, networks, software, and files.

Web Accessibility Policy

President Loh approved the Web Accessibility Policy in September 2017 on an interim basis. UMD is committed to creating and maintaining a welcoming and inclusive educational and working environment for people of all abilities and to ensuring equal access to information and services for all its constituencies. Web-based information and service delivery are the primary means by which the campus community and its visitors communicate and conduct business. These are minimum standards for the accessibility of all university Web pages used to conduct core university business and academic activities to ensure compliance with applicable state and federal regulations, specifically, Sections 504 and 508 of the Rehabilitation Act of 1973, and the Americans with Disabilities Act (ADA) of 1990.

Privacy Policy

This statement pertains exclusively to the collection of personal information on official university websites.

University Policies and Procedures

The Consolidated USM and UMD Policies and Procedures Manual provides the university community with a written record of approved and current administrative, academic, operational, financial, and business policies and procedures.

The University System of Maryland Bylaws, Policies, and Procedures detail additional policies, procedures, guidelines, and rules applicable to the entire University System of Maryland.

Maryland State Government

The State Information Technology Security Policy and Standards

Standards

IT Security Standards

University policy X-1.00(A), "Policy on Acceptable Use of Information Technology Resources" specifies that "Those using university IT resources, whether at the university or elsewhere, are responsible for complying with security standards set forth by the Vice President and Chief Information Officer (VP/CIO)." The following are those standards:

Standard for IT Security Roles and Responsibilities (IT-1)

Data Classification Standards (IT-2)

Web Accessibility Standards (IT-3) (replaced by the University of Maryland Web Accessibility Policy VI-10.0(E) approved on an interim basis September 12, 2017 then amended and approved April 5, 2018)

Interim Standard for Protecting Sensitive Information (IT-4)

UMD Cardholder Data Security Standards

The UMD Cardholder Data Security Standards apply to all UMD network infrastructures and IT elements that are attached to the Cardholder Data Environment and are transmitting or processing cardholder data.

Standard for Configuration of Routers and Firewalls on Networks Processing Cardholder Data

Standard for Vendor Supplied Defaults and Parameters on Networks Processing Cardholder Data

Standard for Protection of Cardholder Data

Standard for Encrypted Transmission of Cardholder Data

Standard for Managing Vulnerabilities within Networks Processing Cardholder Data

Standard for Access Control on Networks Processing Cardholder Data

Standard for Monitoring of Networks Processing Cardholder Data

Standard for Testing of Networks Processing Cardholder Data

Guidelines

Student Network Guidelines

The University of Maryland provides students with the capability to connect their computers to the university network in the residence halls, the houses on Fraternity Row, via wireless access points located throughout the campus, and at network jacks in select public locations. This access is provided for the purpose of facilitating student academic activity, whether or not such activity directly relates to formal course work. There are restraints on network use as stated in law and the university's Policy on the Acceptable Use of Information Technology Resources. There are restrictions placed on usage based upon the need for security and the costs associated with providing network services.

Student Network Guidelines

Decide Whether Data is Subject to HIPAA Guidelines

Decision flowchart to help guide data security planning