Server Security Standard
Due to the large concentrations of RIT Confidential and RIT Operationally Critical information contained on Institute servers, it is critical that all servers meet or exceed the requirements mandated by the Server Security Standard.
Who does it apply to?
The requirements apply to administrators of all servers that meet one or more of the following criteria:
- They provide access to vital academic or production information to five or more users of the RIT community and the confidentiality or reliability of the data is important.
- They are used in a test environment, but are loaded with real data that includes RIT Confidential information.
- They contain legally regulated or RIT Confidential information which, if leaked or compromised, could hurt RIT's reputation, cause a loss of revenue, or potentially leave the Institute liable.
The requirements also apply to any Institute-owned or leased computer supplying information to five or more users over the network (i.e., acting as a server). In this sense, the definition of server relates to function more than computer type.
What do I need to do?
Use the Server Security Checklist to set up your server.
Check the Systems Administrators Resources page to find tools and additional information.
Approved Encryption Methods
The RIT Information Security Office requires 128-bit or 256-bit AES encryption to protect RIT Confidential Information.

