These Information Security Requirements apply to everyone at Harvard. They provide additional detail on how to be compliant with Policy and should be used as a normal part of daily life at Harvard in order to keep both Harvard confidential data and your own personal information secure.
This advisory provides guidance on striking a balance between using website traffic analysis tools (i.e. analytics) to create a better user experience for website visitors and avoiding unnecessary collection of information about our users that could constitute a breach of trust.
This document allows end users the ability to create SharePoint sites/O365 Groups/Microsoft Team sites as a self-service model while maintaining a naming convention for reporting and tracking purposes.
This document provides a discussion and recommendations for the use of http cookies in web sites and applications to avoid operational and security issues.
The HUIT standard for the design and management of AWS accounts to control for the lack of accountability and reduction in economies of scale that can take place in a large and decentralized institution.
This document provides recommendations for choosing an authentication system for Salesforce, based on user experience, security and practical considerations.
The scope of this standard extends to all server instances that are within the HUIT domains on a fully-managed basis, or are hosted within HUIT on behalf of customers that administer the server instances. The overarching goal of this work is to satisfy Harvard’s HUIT Information Security Policy Objectives and NIST Cyber-Security Framework (CSF) Objectives.