This page contains documents that outline Privacy's and ISO's positions on a number of topics. These are not university policies, but can be referenced during decision making processes.
Information Privacy and Security Position Papers
Published Positions
- Centralized management of print services
- Clarification of 2FA Requirement for Linux Server Logins
- Creating firewall rules open to the world
- Cryptocurrency Mining (external article)
- De-identification Overview and Guidance
- Forwarding email to non-Stanford accounts
- Guiding Principles for the Use of Sensors on Campus
- M365 Copilot use & testing
- Password Manager: LastPass Breach in Late 2022
- Use of non-University supported add-in/plug-in/applet software
- Use of social media accounts for Stanford business
Topics for Future Papers
The following are topics for which Privacy and ISO may generate a position paper in the future. If you have an idea for a position paper topic, please feel free to reach out to the ISO GRC team via a help ticket.
- 2-factor authentication (fail-safe versus fail-open)
- Ad-blockers
- Bulk mailings from 3rd party tools
- Faculty and grad students managing servers
- Management of printers and other embedded devices
- Recommended SSL/TLS Cipher Suites
- RFC 1149 - The Transmission of IP Datagrams on Avian Carriers
- Secret Management in automation
- Security products from companies with significant foreign ownership (Kaspersky… etc)
- Security.txt file
- Usage of Yubikeys
- Use of bastion hosts
- Use of external penetration testers
- Use of IPMI and other remote server consoles
- Use of non-Stanford owned devices for Stanford business
- Use of non-Stanford staff for the management of High risk servers
- Use of password managers
- Use of PCI P2PE solutions on the campus network infrastructure
- Use of SNMP
- User enabled third-party add-ons to Stanford services (i.e. Google Apps, O365, Box...etc)
