Tarleton Office of Innovative Technology Solutions (OITS)
Network/Wireless Access Standard

Effective: February 11, 2020

Revised: June 9, 2025

Procedure Summary

Tarleton State University’s (Tarleton or university) information resources are strategic assets which, as property of the State of Texas, must be managed as valuable state resources in accordance with Texas Government Code Chapter 2054. The Tarleton information resources network infrastructure information resources are provided for use by Tarleton students, faculty and staff. It is important that the infrastructure, which includes media, active electronics and supporting software, be able to meet current performance requirements while retaining the flexibility to allow emerging developments in high speed networking technology and enhanced user services. Tarleton owns and is responsible for the university network infrastructure.

The purpose of this standard is to provide a set of measures that will mitigate information security risks associated with network/wireless access. There may be other or additional measures that will provide appropriate mitigation of the risks. The assessment of potential risks and the application of appropriate mitigation measures will be determined by the information resource owner or their designee. In accordance with Texas Administrative Code (TAC) Chapter 202 ‐ Information Security Standards, each department and/or resource owner may elect not to implement some or all of the risk mitigation measures provided in this standard based on information security risk management decisions and business functions. Such risk management decisions must be documented and reported to the designated information security officer. The intended audience for this standard includes, but is not limited to, all information resources data owners, management personnel, system administrators, and users of Tarleton information resources network/wireless infrastructure.

Please see the Tarleton Security Controls Catalog, specifically AC-18 Wireless Access, SC-5 Denial-of-Service Protection, and CM-2 Baseline Configuration, for additional information and requirements.

Procedures and Responsibilities

Network aggregation devices (e.g., hubs, switches, routers, wireless access points) shall not be connected to network infrastructure without prior approval by the Tarleton Office of Innovative Technology Solutions (OITS).
Management of network addresses and name spaces may be delegated to system administrators. Only users with permitted access to network addresses issued to them by their designated system administrator is allowed.
Network scans and network vulnerability scans of devices attached to the Tarleton network are occasionally necessary to ensure the integrity of Tarleton computing systems and for appropriate remediation as needed. Network scans and network vulnerability scans may only be conducted by university employees designated by the organizational unit head responsible for the information resource and/or by applicable Tarleton OITS staff.
Individuals controlling right-to-use for systems attached to the network infrastructure will ensure only authorized persons are granted access in accordance with Tarleton Security Controls Catalog AC-2, Account Management.
Allowing anonymous write capability to university systems or anonymous originating network traffic requires Tarleton OITS permission.
Users are not permitted to alter Tarleton-network hardware in any way.

Definitions

Anonymous write capability: the ability of people to save (on Tarleton computers) information they create without their identity being known (to system administrators).

Anonymous originating network traffic: causing a (Tarleton) computer system to send traffic via the network where the custodian/owner is not known.

Information Resources (IR): the standards, equipment, and software that are designed, employed, operated, and maintained to collect, record, process, store, retrieve, display, and transmit information or data.

Information Security Officer (ISO) / Chief Information Security Officer (CISO): responsible for administering the information security functions within the university and reports to the information resources manager (IRM).

Owner of an Information Resource: an entity responsible for a business function and for determining controls and access to information resources supporting that business function.