Printed on: 10/22/2018. Please go to http://policy.umn.edu for the most current version of the Policy or related document.
Appendix

Network Control Standard

Appendix to Policy

Objective

To ensure the availability of the University network and to protect information security for networked services and systems, access to the University network (both wired and Wi-Fi), including local area networks (LANs) and external network services, must be controlled.

Security Controls

Types of network extensions allowed

The following table defines the types of network extensions permitted on the University network.

| Control ID | Control Description | Security Level: High | Security Level: Medium | Security Level: Low |
| --- | --- | --- | --- | --- |
| NC.A.01 | Locally-managed networks, defined by agreed-upon Network Hand-Off points | Not Allowed | Allowed | Allowed |
| NC.A.02 | Network Address Translation (NAT) | Not Allowed | Not Allowed | Not Allowed |

Network controls

The following table defines baseline network security controls for the University network (both wired and Wi-Fi) and local area networks (LANs).

| Control ID | Control Description | Security Level: High | Security Level: Medium | Security Level: Low |
| --- | --- | --- | --- | --- |
| NC.B.01 | Approval from Data Network Services to extend the University network or connect to third parties | Required | Required | Required |
| NC.B.02 | Approval from the LAN network administrator to extend the network beyond the network hand-off point for their unit | Required | Required | Required |
| NC.B.03 | Use controls to protect network infrastructure against attacks and misuse | Required | Required | Required |
| NC.B.04 | Segment networks according to the security level and/or data classification | Required | Recommended | Recommended |
| NC.B.05 | Document ownership for the network at the hand-off point | Required | Required | Required |
| NC.B.06 | Use controls to prevent unauthorized access to the network | Required | Required | Optional |
| NC.B.07 | Maintain logs to identify devices and users that attach to the network in real time | Required | Required | Required |
| NC.B.08 | Detect and verify that network extensions are authorized | Required | Required | Required |
| NC.B.09 | Periodic review of network access controls for appropriateness | Required | Required | Optional |
| NC.B.10 | Deploy and monitor network-based intrusion detection and/or prevention technology | Required | Required | Optional |
| NC.B.11 | Document network access controls used | Required | Required | Required |

Additional Wi-Fi Network Controls

The following table defines baseline network security controls specifically for Wi-Fi.

| Control ID | Control Description | Security Level: High | Security Level: Medium | Security Level: Low |
| --- | --- | --- | --- | --- |
| NC.C.01 | Use strong encryption for transmitting authentication information and the data | Required | Required | Recommended |
| NC.C.02 | Authenticate access | Required | Required | Optional |
| NC.C.03 | Detect and remove unauthorized (rogue) Wi-Fi networks | Required | Recommended | Recommended |

Resources Covered

This applies to IT resources owned or contracted by the University.

Individuals Covered

This applies to University community members who use or manage University IT resources.

Related Information

More information on Network Control

Published Date

  • December 2014

Last Reviewed

  • October 2015
