You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 3 Next »

Need more help?

See the Quick Start Digital Tools for Students page

Contact the ITS Service Center:

(716) 673-3407
W203 Thompson Hall


A server is defined as a host that provides a network accessible service.

  1. Follow the minimum security standards in the table below to safeguard your servers.


PatchingBased on National Vulnerability Database (NVD) ratings, apply high severity security patches within seven days of publish and all other security patches within 90 days. Use a supported OS version.
Vulnerability ManagementPerform a monthly Qualys scan. Remediate severity 4 and 5 vulnerabilities within seven days of discovery and severity 3 vulnerabilities within 90 days.
InventoryReview and update NetDB and SUSI records quarterly. Maximum of one node per NetDB record.
Firewall Enable host-based firewall in default deny mode and permit the minimum necessary services.
Credentials and Access ControlReview existing accounts and privileges quarterly. Enforce password complexity. Logins with SUNet credentials via Kerberos recommended.
Two-Step Authentication Require Duo two-step authentication for all interactive user and administrator logins. 
Centralized Logging Forward logs to a remote log server. University IT Splunk service recommended. 
Sysadmin TrainingAttend at least one Stanford Information Security Academy training course annually. 
Malware ProtectionDeploy Cb Protection (formerly Bit9) in high enforcement mode. Review alerts as they are received. 
Intrusion DetectionDeploy Cb Protection (formerly Bit9) on supported platforms, otherwise use OSSEC or Tripwire. Review alerts as they are received. 
Physical Protection Place system hardware in a data center. 
Dedicated Admin Workstation Access administrative accounts only through a Privileged Access Workstation (PAW).  
Security, Privacy, and Legal Review Request a Security, Privacy, and Legal review and implement recommendations prior to deployment.  
Regulated Data Security Controls Implement PCI DSS, HIPAA, FISMA, or export controls as applicable.  

Short URL to this page:


There is no content with the specified labels