»IS&T Network Security Guidelines for Academic Systems

Purpose

To ensure the security and integrity of Chapman University’s digital infrastructure while supporting the academic and research needs of faculty and staff.

Scope

These guidelines apply to all servers, workstations, laptops and other network-capable devices (collectively referred to as “devices”) at Chapman University, including those managed by faculty, researchers, departments, and third-party collaborators.

Statement

Network Vulnerability Scanning

All devices connected to the Chapman University network must be accessible for routine network vulnerability scans conducted by the IS&T department. These scans are essential for identifying potential security risks and ensuring compliance with university-wide cybersecurity standards. IS&T will be able to install scanning agents and/or proxies within the academic or research networks.

Proactive Vulnerability Remediation

Owners of devices not purchased or managed by IS&T are responsible for timely remediation of identified vulnerabilities and misconfigurations. This includes applying necessary software patches, firmware updates, and configuration changes as recommended by IS&T. Delays in remediation may result in temporary network isolation to protect the broader university infrastructure.   

Administrative Access

Upon request, owners must provide IS&T with administrative credentials to their devices, including equipment purchased on a research grant. This access is strictly for security auditing, incident response, and support purposes. Credentials will be handled with the highest level of confidentiality and stored securely.   IS&T will not request credentials for personally owned devices.

Configuration Management

Device owners will maintain best practices for device configuration management, including deprovisioning unused systems, changing default configurations or passwords, and using the principle of least privilege for administrative accounts.

Administrative Account Management

All administrative accounts must use Multi-Factor Authentication where possible. Different passwords should be used for different accounts, including those in different environments such as test, development, and production.

Support for Academic Freedom and Research Needs

IS&T recognizes the importance of flexibility and autonomy in academic and research environments. These guidelines are not intended to restrict the functionality or purpose of any device, but rather to ensure that its operation does not pose a risk to the university’s network or data. IS&T will work collaboratively with faculty and researchers to balance security with operational needs.

Enforcement

Non-compliance with these guidelines may result in restricted network access or other actions necessary to safeguard university systems. IS&T will provide guidance and support to help users meet these requirements.

Contact

For questions or assistance, please contact the IS&T Security Office at infosec@chapman.edu.