Search28 Results

The University is committed to establishing a welcoming and equitable digital experience. This policy provides direction on creating an accessible experience that enhances usability for everyone.
The University of North Carolina at Chapel Hill's (UNC-Chapel Hill) Wireless Standard provides a structure for managing wireless communications spectrum on the UNC-Chapel Hill campus. The UNC-Chapel Hill technology infrastructure is provided to support the UNC-Chapel Hill business and its mission of education, service, and research.
The University has obligations to ensure integrity and accessibility of records, and security of sensitive University information that may be sent or received via email. This policy advises affiliates of their obligations to use only their University email account and not personal email accounts for University business and to manage the records resulting from that use in accordance with applicable policy, standards, and procedures.
Some University business units operate their own email systems. Email accounts used to conduct the business of the University require that appropriate security, backup, and records-retention measures be in place. Departments may wish to host or contract for separate email systems using either unc.edu sub-domains (such as "physics.unc.edu") or entirely separate domains (such as "unclatindepartment.org").
Protected Health Information (PHI) and Sensitive Information (SI) that is transmitted or received on behalf of the University of North Carolina at Chapel Hill by any Constituent must be encrypted in accordance with this Standard, which details required minimum encryption standards for University Tier 2 and Tier 3 information. Particular transmissions may require a heightened encryption requirement or consideration of additional legal or policy requirements.
This policy describes the terms required for use of ConnectCarolina, InfoPorte, associated reporting tools, and other University business applications (“Administrative Systems”).
This policy defines the framework upon which the information security program operates and gives direction for Information Security-related Policies, Standards, and Procedures to address specific areas of operation.
The UNC-Chapel Hill Incident Management Policy requires "every faculty member, staff member, student, temporary employee, contractor, outside vendor, and visitor to campus (AKA User) who has access to University-owned or managed information through computing systems, devices, or physical files" to "report Information Security Incidents" per the procedures defined. As defined in the UNC-Chapel Hill Incident Management Policy, sensitive information includes "card holder data," ...
Many information security incidents result from unauthorized access to information stored on computers. Frequently, access to such information is controlled through the use of passwords, pass-phrases, and other authentication methods.

The failure to protect information through the use of strong passwords/pass-phrases and additional authentication methods may result in incidents that expose sensitive information and/or impact mission-critical UNC-Chapel Hill services.
The Onyen (originally, the "Only Name You'll Ever Need") is a campus-wide identifier used to gain access to various electronic resources. The Onyen provides each University user with secure access and ensures proper authentication when used in accordance with this policy.
This policy applies to all UNC-Chapel Hill Affiliates who have responsibility for covered computing devices.
This standard is intended to represent a minimum baseline for managing vulnerabilities on UNC-Chapel Hill systems required by the UNC-Chapel Hill Information Security Controls Standard to be scanned for vulnerabilities.
To provide guidance for individuals and units on responsibilities for managing suppliers of Information Technology (IT) services, software, and systems. To manage risk to university information and other assets by creating clearer communication and understanding between vendors and University staff. To define required security controls monitoring activities.