DRAFT Updates to Acceptable Use Policy and related documents
The Information Security Advisory Committee has recommended changes to the UF Acceptable Use Policy (AUP), which was last revised in 2011. Highlights of the recommended changes include:
- Updates to all references and links
- Incidents must now be reported to the UF Computer Security Incident Response Team and unit ISM
- Prohibits use of UF IT resources to access or store pornography
- Adds ‘Personal’ to the section now titled ‘Commercial and Personal Use’
- Clarifies that only network service providers are authorized to implement network infrastructure
- Removes vague suggestion to use encryption with wireless networks
In coordination with these changes, the ISAC has also recommended that the existing Procedure for Monitoring of IT Resources be replaced with a policy. Notable changes from the current procedure include:
- Modified approvals required for monitoring to specify that VP HR approves requests for employees and VP Student Affairs approves requests for students.
- Changes to criteria for monitoring, such as moving the following to the section not requiring prior approval: responding to legal or contractual requirements, incident investigations, protecting security or functionality of computing resources.
- Removed discussion of public disclosures of data, since that is covered by other university policies.
Lastly, the ISAC has prepared guidelines to the university community on the personal use of email, strongly recommending that non-university email be used for personal communications and to register software for personal use.
If you have any comments or concerns regarding these changes, please contact Avi Baumstein, email@example.com.