UNK | Offices | ITS | Policies | SSN Elimination

HOME

Home > Offices > Information Technology Services

UNK Quick Links

A View From the Union

Visit Campus!
Apply Today!

Information Technology Services

related links

>
Expectations
We expect departments to have the following completed by January, 2008:
>
FAQ NUID
Frequently asked questions regarding your NUID
>
Elimination Policy
Letter from the Chancellor outlining the University's comitment privacy
>
Exemption Form
Form required to obtain an exemption to the SSN Elimination Policy
>
FAQ SSN Elimination
Frequently Asked Questions regarding SSN Elimination at UNK
>
Best Practices
Best practices for protecting nonpublic personal information
>
Self-Assesment Checklist
Checklist for departments to use in evaluating their compliance with the UNK SSN Elimination Policy
>
Spider4 Download Instructions
Search your PC for social security numbers

Self-Assestment Checklist

This checklist is provided as a tool to help you in making sure your department is complying with the University's Social Security Number Elimination Policy.

Review your security processes and procedures annually.
Applications, services, or forms that collect, store, or transmit social security numbers can not be commissioned without written approval from the Assistant Vice Chancellor for Information Technology.
Annually update the departmental inventory of documents, both paper and electronic, containing social security number.
Maintain an access control list to identify each person with authorized access to social security numbers.
Require new employees to read university and departmental security policies.
Instruct all employees on basic workstation security and document storage policy.
Review the University Password Policy
- Strong passwords are recommended. They are difficult for a human or a computer program to guess and have letters in both upper and lower case, numbers, and special characters, and do not consist of words found in a dictionary or that are part of the user’s own name.
- Accounts should not be shared among users.
- Generic accounts should not be utilized.
- A timed lockout mechanism such as a screensaver that requires re-authentication should be used.
- Passwords must be changed any time a system is compromised.
Servers storing social security numbers must be appropriately secured and managed.
- Servers storing social security numbers must be located in the ITS server room. Exceptions may be granted by the Assistant Vice Chancellor for Information Technology.
- Servers may be periodically scanned to verify that social security numbers are not being stored in an unsecure manner.
- Servers storing social security numbers are subject to periodic vulnerability scans.
- Servers should support a single application.
- Use of servers for tasks other than their intended use is prohibited.
- All servers that store social security numbers must have antivirus software enabled and updated.
Workstations storing social security number must be appropriately secured and managed.
- Workstations and portable devices storing social security numbers must use full disk encryption. This applies to all devices whether they are owned by UNK or by the user. The data encryption standard will be specified by Information Technology Services.
- Workstations may be periodically scanned to verify that social security numbers are not being stored in an unsecure manner.
- Devices storing social security numbers are subject to periodic vulnerability scans.
- All workstations that store social security numbers must have antivirus software enabled and updated.
If social security numbers are accessible over a network, connections that will encrypt the data during transfer, such as VPN, Secure FTP, Secure emulation software, or SSL are recommended. Note that a remote desktop is not a VPN.

Office of Information Technology Services, 114 Otto Olsen Bldg, (308) 865-8950
ITS HOME | POLICIES | ABOUT ITS

University of Nebraska Kearney