Skip to main content

Boise State University Minimum Security Standards for Server Rooms

Purpose

This document specifies the details of minimum security standards as referred to by policies

  • 8020 Server Administration
  • 8060 Information Privacy and Data Security

Scope

These standards apply to all rooms where servers connected to the Boise State network are stored and operated. The standards vary based on the type of data stored on the device and are classified using the University Data Classification Standard.

All Server Rooms

All servers must reside in a certified, secure server room.  All university server rooms must have the following at a minimum:

  • Monitored climate control and air conditioning
  • Fire monitoring and suppression
  • Electrical redundancy including generator and ups
  • DPS installed and recorded security cameras
  • Prox Card Badge access with limited access to authorized personnel. Monthly access reports must be sent to the CISO.
  • Guests log books with guest ID badges.  All guests sign in and be accompanied at all times.

Non-Compliance and Exceptions

A Request for Exception, along with a plan for risk assessment and management, can be submitted at Help Desk Self Service. Non-compliance with these standards may result in revocation of access, notification of supervisors, and reporting to the Office of Internal Audit and Institutional Compliance.

Updates

Created: September 2022

Last Update: September 2022

Next Review: February 2025