Tarleton Office of Innovative Technology Solutions (OITS)
Network Configuration Standard

Effective: February 11, 2020

Revised: April 28, 2025

Procedure Summary

Tarleton State University’s (Tarleton or university) information resources are strategic assets which, as property of the State of Texas, must be managed as valuable state resources in accordance with Texas Government Code Chapter 2054. The Tarleton information resources network infrastructure are provided for use by Tarleton students, faculty and staff. It is important that the infrastructure, which includes media, active electronics and supporting software, be able to meet current performance requirements while retaining the flexibility to allow emerging developments in high speed networking technology and enhanced user services. Tarleton owns and is responsible for the university network infrastructure.

The purpose of this standard is to provide a set of measures that will mitigate information security risks associated with network configuration. There may be other or additional measures that will provide appropriate mitigation of the risks. The assessment of potential risks and the application of appropriate mitigation measures will be determined by the information resource owner or their designee. In accordance with Texas Administrative Code (TAC) Chapter 202 ‐ Information Security Standards, each department and/or resource owner may elect not to implement some or all of the risk mitigation measures provided in this standard based on information security risk management decisions and business functions. Such risk management decisions must be documented and reported to the designated information security officer. The intended audience for this standard includes, but is not limited to, all information resources data owners, management personnel, system administrators, and users of Tarleton information resources network infrastructure.

Please see the Tarleton Security Controls Catalog, specifically AC-18 Wireless Access, SC-5 Denial-of-Service Protection, and CM-2 Baseline Configuration, for additional information and requirements.

Procedures and Responsibilities

All network connected equipment must be configured to specifications approved by Tarleton’s Office of Innovative Technology Solutions (OITS).
All hardware connected to the Tarleton network is subject to Tarleton OITS management and monitoring standards.
Changes to the configuration of active network management devices cannot be made without the approval of Tarleton OITS.
The university network infrastructure supports a well-defined set of approved networking protocols. Tarleton OITS must approve the use of any non-sanctioned protocols.
The network addresses for the supported protocols are allocated, registered and managed by Texas A&M University System (TAMUS) and Tarleton OITS.
All connections of the Tarleton network infrastructure to external third party networks are the responsibility of Tarleton OITS. This includes connections to external telephone networks.
Tarleton OITS firewalls must be installed and configured following the requirements set forth by Tarleton OITS documentation, please consult the Tarleton OITS Infrastructure – Networking Team.
The use of departmental firewalls is not permitted without the written authorization from Tarleton OITS.
Users must not extend or re-transmit network services in any way. Devices such as routers, switches, hubs, or wireless access points cannot be installed on the Tarleton network without approval from Tarleton OITS.
Users must not install network hardware or software that provides network services without Tarleton OITS approval.
Users are not permitted to alter network hardware in any way.

Definitions

Information Resources (IR): the standards, equipment, and software that are designed, employed, operated, and maintained to collect, record, process, store, retrieve, display, and transmit information or data.

Information Security Officer (ISO) / Chief Information Security Officer (CISO): responsible for administering the information security functions within the university and reports to the information resources manager (IRM).

Owner of an Information Resource: an entity responsible for a business function and for determining controls and access to information resources supporting that business function.