System Administration

Reminder: Justification letters must be submitted to the Office of the VC for IT for any server or IT-based service maintained within a department, and approval must be granted. See the PM - 36 resources on the LSU IT Policies page.

Departmental Servers (Security Baseline)

  • The operating system and applications should have the most recent security updates installed.
  • Anti-malware (anti-virus and anti-spyware) applications should be running and up-to-date.
  • Administrative accounts should only be used for system management and not left logged on.
  • The number of administrative accounts on a server should be very limited.
  • Windows servers should be added to the LSU Active Directory.
  • "Domain Users" should be removed from the local Users group on Windows servers.
  • Servers should be backed up routinely and those backups should be periodically tested for data integrity and availability.
  • A local firewall should be running and properly configured to limit access to specific ports and/or subnets.
  • For any server storing SSNs, a request form must be submitted to the Office of the University Registrar for approval (PS113: Social Security Number Policy).
  • Servers should log events such as account logins and account changes.
  • User access to servers should be limited to the specific users it serves.
  • Physical access to servers should be very limited (secure location).
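
The Windows-specific items in the baseline above can be spot-checked from an elevated PowerShell prompt. The read-only script below is an added example, not an ITS-provided tool; the `$MaxAdmins` threshold is an assumed value, and the audit subcategory names assume an English-language Windows install.

```powershell
# Added example: read-only spot check of the Windows baseline items.
# Run elevated; auditpol requires administrative rights.
$MaxAdmins = 3   # assumed threshold, not a value from the baseline
$report = [ordered]@{}

# Baseline: Windows servers should be joined to Active Directory.
$cs = Get-CimInstance -ClassName Win32_ComputerSystem
$report['DomainJoined'] = [bool]$cs.PartOfDomain
$report['Domain']       = $cs.Domain

# Baseline: "Domain Users" removed from the local Users group.
# Well-known SIDs are used so the check is not tied to localized group names:
# S-1-5-32-545 = BUILTIN\Users; a domain's "Domain Users" group has RID 513.
$users = Get-LocalGroupMember -SID 'S-1-5-32-545' -ErrorAction SilentlyContinue
$domainUsers = $users | Where-Object { $_.SID.Value -like 'S-1-5-21-*-513' }
$report['DomainUsersRemoved'] = -not $domainUsers

# Baseline: very few administrative accounts (S-1-5-32-544 = Administrators).
$admins = @(Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction SilentlyContinue)
$report['AdminCount']   = $admins.Count
$report['AdminCountOk'] = $admins.Count -le $MaxAdmins
$report['AdminMembers'] = ($admins.Name -join '; ')

# Baseline: local firewall running. Lists any profile that is not enabled.
$off = @(Get-NetFirewallProfile | Where-Object { $_.Enabled -ne 'True' })
$report['FirewallAllProfilesOn'] = $off.Count -eq 0
$report['FirewallProfilesOff']   = ($off.Name -join '; ')

# Baseline: log account logins and account changes.
# /r emits CSV; blank lines are dropped before parsing.
$audit = auditpol /get /subcategory:"Logon","User Account Management" /r |
    Where-Object { $_ } | ConvertFrom-Csv
foreach ($row in $audit) {
    $key = 'Audit_' + ($row.Subcategory -replace '\s', '')
    $report[$key] = $row.'Inclusion Setting'   # e.g. "Success and Failure"
}
$unaudited = @($audit | Where-Object { $_.'Inclusion Setting' -eq 'No Auditing' })
$report['AccountAuditingOn'] = ($audit.Count -gt 0) -and ($unaudited.Count -eq 0)

# Emit one object so the result can be piped to Export-Csv or ConvertTo-Json.
[pscustomobject]$report
```

Firewall rules still need manual review: the script only confirms that each profile is enabled, not that access is limited to the intended ports and subnets.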

Departmental E-mail Servers

  • Information Technology Services (ITS) provides campus e-mail services (pawsid@lsu.edu) through Microsoft Exchange and Tiger Mail. Departments are discouraged from operating e-mail servers or services, and should strongly consider using the campus e-mail services before starting a departmental e-mail server (username@unit.lsu.edu). 
  • All departmental e-mail servers must be approved and registered with Information Technology Services in order to send/receive e-mail through the University network. Once approved, mail servers can be registered by sending an e-mail to mtaregister@lsu.edu with the IP address and manager of the departmental e-mail server.
  • Managers of departmental e-mail servers who assign e-mail addresses and aliases such as firstname.surname@unit.lsu.edu will be responsible for assigning IDs that are distinguishable and unique.
  • Managers and users of departmental e-mail servers are responsible for adhering to all mail storage and retention requirements and applicability of laws and policies such as PS06.15 Use of Electronic Mail.
  • Departmental e-mail servers should follow the best practices security baseline listed above.

Departmental File Servers

  • Access to file shares should be limited to specific users (no open/anonymous shares).
  • Users should be given only the appropriate level of privileges to access data within the file shares.
  • Personally Identifiable Information (PII) such as credit card and bank account numbers should not be stored unless absolutely necessary.
  • Any Personally Identifiable Information (PII) must be stored on software- or hardware-encrypted disks.
  • Departmental file servers should follow the best practices security baseline listed above.