Policies

CSU and CSU Bakersfield Policies

It is our policy to respond to allegations of copyright violations in accordance with the Digital Millennium Copyright Act (DMCA). If you believe that your copyrighted work has been copied and is accessible on the Website in a way that constitutes copyright infringement, please notify the University's designated Copyright Agent at:

TBD
9001 Stockdale Highway
Bakersfield, CA 93311
Phone: (661) 654-6539
Email: abuse@csub.edu

For more information or to notify the University of a copyright infringement, please visit the .
ÂãÁÄÖ±²¥, Bakersfield (ÂãÁÄÖ±²¥) respects your privacy and is committed to protecting it to the extent possible, subject to applicable state and federal law, through our compliance with our privacy policies.

Please visit the  for more information.
The CSU Information Security policy provides defines user, including faculty, staff, students, third parties, and CSU responsibilities with respect to the use of CSU information assets.

Please visit the for more information.
Subcategories:
  • Data Management
  • Information Security and Privacy Program
  • Information Technology

Please navigate to the for more information on ÂãÁÄÖ±²¥ Information Technology Policies.
The ÂãÁÄÖ±²¥ (CSU) manages and protects the confidentiality, integrity, and availability of CSU information assets and establishes procedures that define the organizational scope of the CSU information security program. This policy is not intended to prevent, prohibit, or inhibit the sanctioned use of information assets as required to meet the CSU's core mission and campus academic and administrative goals.

Please visit the for more information.

Accepting payment cards as a form of payment for products and services has a number of requirements intended to safeguard payment card information. Payment cards include credit cards, bank debit cards, check authorization cards, cards used for cash-less transactions, or other forms of payment covered under PCI.  To identify your entity as a campus Merchant, please fill out the PCI Identification Form and a member of Fiscal Services or Information Technology Services will respond. 

Who is Affected by PCI?

Any University department, on-campus vendor, project, program, fund raising activity, or auxiliary that accepts credit card type payment for products and services on behalf of the University will be required to comply with PCI DSS.

What Types of Documentation/Processes may be required?

  • Know your roles and responsibilities as it relates to PCI requirements
  • Determine the scope of your cardholder data environment annually
  • Identify and document the existence of cardholder data environment
  • Identify and document business processes in relation to cardholder data environment
  • Documentation of device inventory and user inventory
  • Annual PCI security awareness training through the bank/acquirer
  • Conduct annual risk assessment of your cardholder data environment (See pcisecuritystandards.org for information)
  • Re-determine the scope of your cardholder data environment annually, to lessen the scope
  • Work with your bank representative for merchant requirements
  • Complete appropriate annual PCI Self-Assessment Questionnaire as determined by the bank/acquirer
  • Contribute department/entity/program payment card information toward campus-wide PCI requirements
  • Provide the campus Information Security Officer with annual access to your documentation for review

Resources

  • ÂãÁÄÖ±²¥ Credit Card Acceptance Policy - Contact Fiscal Services

As this process evolves, the requirements for specific procedures and documents will change. Please review the PCI resource links, or contact the Information Security Officer for additional recommendations, assistance, or questions toward compliance.

Please visit the  for more information.

This policy provides the processes and guidelines necessary to first maintain the integrity of the network systems and university data by applying the latest operating system and application security updates/patches in a timely manner, and secondly establish a baseline methodology and timeframe for patching and confirming patch-management compliance. Desktops, laptops, servers, applications, and network devices represent access points to sensitive and confidential University data as well as to technology resources and services. Ensuring that security updates and patches are distributed and implemented in a timely manner is essential for mitigating malware, exploitation, and other threats.

Please visit the for more information.
Traveling internationally can pose significant risks to information stored on or accessible through computers, and smartphones.  Some of the risk is associated with increased opportunities for the loss or theft of the device and just merely the distraction of traveling. Additionally, our devices are put at risk because they will use networks that may be managed by entities that may monitor and capture network traffic for competitive or malicious purposes.

Please visit the for more information.
It is the policy of ÂãÁÄÖ±²¥ Information Technology Services to remove and/or destroy all institutional data from any computer storage device prior to redeployment or removing equipment from campus operation via either surplus or disposal.
 
The primary reason for this is a concern for confidential, high risk data and software programs that may be on the computers. All computers released by campus departments must pass through an ITS standard disk wiping process before they can be redeployed, sold, donated or disposed of via the survey process.

Please visit the for more information.
The purpose of this policy is to safeguard ÂãÁÄÖ±²¥ computer systems in a manner that will ensure the confidentiality integrity and availability of the data maintained on them.  This policy addresses the default security state of any system being deployed and ensures that only needed services and functions are installed and enabled by default.  
 
The method used by the ÂãÁÄÖ±²¥ Chancellor’s offices and the California National Guard in their audits is to utilize a product offered by the Department of Defense called Security Content Automation Protocol (SCAP).

Please visit the for more information.
In order to maintain the integrity and security of web applications, ÂãÁÄÖ±²¥ uses a web scan application. This tool can scan applications for a multitude of potential breach points such as SQL Injection, cross site scripting, web security, and directory traversal, to name a few. Web Application Scan tools are very aggressive and perform a scan similar to an actual attack. It is imperative that the system to be scanned be in non-production.

Please visit the for more information.