APPROVED: January 28, 2021
EFFECTIVE: January 28, 2021
Board Policy (BP) 6-10, Cyber Security Policy
System Procedure (SP) 6-10b, Access and Authentication
System Procedure (SP) 6-10c, Anti-Virus and Anti-Spyware Management
/ Joe Garcia /
Joseph A. Garcia
This procedure documents minimum requirements that Colorado Community College System and its Colleges’ (“CCCS”) Information Technology (“IT”) servers and workstations must meet before being deployed into a production environment.
This procedure applies to Information Assets owned, leased, managed and maintained by the System IT Department (“System IT”) the College IT Department (“College IT”) or by third parties on behalf of CCCS.
Server is defined as a computer or device on a network that manages network resources. Examples include file servers (to store files), print servers (to manage one or more printers), network servers (to manage network traffic), and database servers (to process database queries).
Workstation is defined as a computer used to perform tasks such as programming, engineering, and design.
The System Chancellor delegates to the System Vice Chancellor for Information Technology responsibility for oversight of compliance with and implementation of this procedure. Further, the System Chancellor delegates to the College Presidents the responsibility to implement and compliance with this procedure at their respective institution.
IT Servers and Workstations are often exploited to obtain Sensitive and Restricted information. Access obtained by unauthorized individuals could place the organization at risk. Securing System IT and College IT Servers and Workstations, regardless of how mission critical the systems are, must be completed in a manner that still allows the institution to operate efficiently.
IT Server and Computer Hardening
CCCS reserves the right to change any provision or requirement of this procedure at any time and the change shall become effective immediately.