Statement

All connectivity between University information resources and the Internet will be provided solely by the Information Technology Department to verify proper boundary protections are in place.

Applicability

The intended audience for this Control includes all information resource owners, custodians, and users of information resources

Implementation

The CIO, or designee is responsible for:

• Monitoring and controlling the external boundary of the network and at key internal boundaries within the network;
• Implementing subnetworks for publicly accessible system components that are logically separated from internal university networks; and
• Ensuring that connections to external networks or information systems occur only through managed interfaces consisting of boundary protection devices arranged in accordance with an approved security architecture.