Author: Savino, Melanie

Information Security – Wireless Network Policy [#2014-08]

A.     EFFECTIVE DATE : July 9, 2018
B.     POLICY SPONSOR: Vice President & Chief Information Officer
C.      PURPOSE : To ensure wireless network security and integrity, to protect the integrity of connected computing systems, and to minimize interference between wireless networks and other electronic resources deployed throughout UConn Health.
D.     POLICY : 1.      UConn Health reserves the right to restrict the use of any and all wireless devices in UConn Health buildings and all outdoor spaces on UConn Health property, whether leased or owned.

2.      UConn Health Information Technology (IT) must be consulted for coordination of engineering, installation, maintenance, and operation of wireless networks serving, or on any property owned or leased by, UConn Health.

3.      Any independently installed wireless communications equipment, which has not been approved by UConn Health IT, is prohibited, subject to removal from service without notice, and may be confiscated.

4.      All wireless network devices, including wireless access points/routers, building monitoring systems, classroom presentation/response systems, security systems, retail systems, and wireless research endeavors must be secured, in accordance with the Wireless Network Device Secure Configuration Standards.

5.      All wireless access points that connect clients to the internal network shall require users to provide unique authentication.

6.      Wireless access point device owners are responsible for updating software, hardware and firmware of devices to address security vulnerabilities.

7.      The use of wireless networks at UConn Health shall be subject to all other policies and guidelines, as may be applicable.

E.      SCOPE : This policy applies to all UConn Health Workforce, Business Associates, Non-Workforce, and all other individuals granted access to UConn Health electronic resources. The policy applies to all computing and networking equipment owned, leased, operated, or contracted by UConn Health.
F.      PROCEDURES, GUIDELINES AND PROTOCOLS : Wireless Network Device Secure Configuration Standards – (Restricted Access – Contact Information Security Office)
G.     REFERENCES : None
H.     RELATED POLICIES : None
I.       SEARCH WORDS : Wireless, Network
J.       ENFORCEMENT: Violations of this policy may result in appropriate disciplinary measures in accordance with University By-Laws, General Rules of Conduct for All University Employees, applicable collective bargaining agreements, the University of Connecticut Student Code, other applicable University Policies, or as outlined in the procedures document related to this policy.
K.      APPROVED : By:  Scott Jordan, Executive VP for Administration and CFO

Date:  12/05/18

 

By:  Alan Calandro, Administrative Policy Committee Chair

Date:  12/05/18

L.      REVISION HISTORY : 1.      New Policy Approved: 11/18/2014

2.      Revised: 7/9/18

3.      Revised:  12/5/18

 

[ END OF POLICY ]

Information System Activity Review [Policy #2005-07]

A.     EFFECTIVE DATE : July 9, 2018
B.      POLICY SPONSOR: Vice President & Chief Information Officer
C.      PURPOSE : To establish requirements for the creation of electronic log files required for reviewing system and user activity to detect and respond anomalous system activity and/or inappropriate access to, or use of, information systems or data in accordance with regulatory requirements applicable to the clinical enterprise.
D.     POLICY : 1.      IT resources that store, access, or transmit confidential data shall electronically log activity into created log files.

2.      Electronic log file generation, transmission, storage, analysis and disposal will be performed in accordance with UConn Health Audit and Logging Standards.

3.      Data Stewards, or their designees, are responsible for developing and implementing procedures for periodically examining information systems and log files for access control discrepancies, breaches and policy violations.

4.      System activity reviews shall be performed weekly. More frequent reviews may be required based on the system criticality and nature of data transmitted, maintained, processed or accessed on/from the electronic resource.

5.      Electronic log files will be retained in accordance with regulatory and statutory requirements.

E.      SCOPE : This policy applies to all UConn Health Workforce, Business Associates, Non-Workforce and all other individuals granted access to UConn Health electronic resources. This policy also applies to all computing and network equipment and software owned, leased, operated or contracted by UConn Health.
F.      PROCEDURES, GUIDELINES AND PROTOCOLS : Information System Audit Log Standards and Procedures – (Restricted Access – Contact Information Security Office)
G.     REFERENCES : State of Connecticut HIPAA Security Policy

45 C.F.R. § 164.308(a) (1) (ii) (D)

State of Connecticut State Agencies’ Record Schedule S6

Information System Audit Log Standards and Procedures

H.     RELATED POLICIES : UConn Health 2003-31 Data Classification and Use Policy
I.       SEARCH WORDS : Audit, Logging, Activity Review
J.       ENFORCEMENT: Violations of this policy may result in appropriate disciplinary measures in accordance with University By-Laws, General Rules of Conduct for All University Employees, applicable collective bargaining agreements, the University of Connecticut Student Code, other applicable University Policies, or as outlined in the procedures document related to this policy.
K.      APPROVED: By:  Scott Jordan, Executive VP for Administration and CFO

Date:   12/05/18

 

By:  Alan Calandro, Administrative Policy Committee Chair

Date:  12/05/18

L.      REVISION HISTORY : 1.      New Policy Approved: 1/28/05

2.      Revised: 7/9/18

3.      Revised: 12/4/18

[ END OF POLICY ]