{"id":2527,"date":"2025-04-25T21:32:04","date_gmt":"2025-04-25T21:32:04","guid":{"rendered":"https:\/\/www.tarleton.edu\/technology\/?page_id=2527"},"modified":"2025-04-25T21:32:05","modified_gmt":"2025-04-25T21:32:05","slug":"tarleton-oits-internet-of-things-iot-standard","status":"publish","type":"page","link":"https:\/\/www.tarleton.edu\/technology\/tarleton-oits-internet-of-things-iot-standard\/","title":{"rendered":"Tarleton OITS Internet of Things (IoT) Standard"},"content":{"rendered":"\n<div class=\"wp-block-columns is-layout-flex wp-container-core-columns-is-layout-9d6595d7 wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\" style=\"flex-basis:66.66%\">\n<h1 class=\"wp-block-heading\">Tarleton Office of Innovative Technology Solutions (OITS) <br> Internet of Things (IoT)  Standard<\/h1>\n\n\n\n<p>Effective:  April 10, 2022<\/p>\n\n\n\n<p>Revised:\u00a0 April 25, 2025\u00a0<\/p>\n<\/div>\n\n\n\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\" style=\"flex-basis:33.33%\">\n<figure class=\"wp-block-image alignright size-large is-resized\"><img decoding=\"async\" src=\"https:\/\/www.tarleton.edu\/technology\/wp-content\/uploads\/sites\/170\/2021\/12\/Tarleton_TonTexas.svg\" alt=\"The Tarleton State University logo\" class=\"wp-image-670\" style=\"width:159px;height:auto\" \/><\/figure>\n<\/div>\n<\/div>\n\n\n\n<div style=\"height:20px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<hr class=\"wp-block-separator alignfull has-alpha-channel-opacity has-vivid-cyan-blue-to-vivid-purple-gradient-background has-background is-style-wide\" \/>\n\n\n\n<div style=\"height:40px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Procedure Summary<\/strong>&nbsp;<\/h2>\n\n\n\n<p>This standard ensures the security of Tarleton State University&#8217;s (Tarleton or university) infrastructure by proactively managing Internet of Things (IoT) devices.\u00a0\u00a0\u00a0<\/p>\n\n\n\n<div class=\"wp-block-group word-wrap: normal is-layout-flow wp-block-group-is-layout-flow\">\n<p>This standard ensures the confidentiality, integrity, and availability of the university\u2019s information resources by regulating the use and network connectivity of IoT devices. Adhering to this standard enables the University to reduce or eliminate potential exploitation of IoT technology.\u00a0<\/p>\n<\/div>\n\n\n\n<div style=\"height:40px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Procedures and Responsibilities<\/strong>&nbsp;<\/h2>\n\n\n\n<ul class=\"wp-block-list its-nested-list\">\n<li>IoT Security Protocols\n<ul class=\"wp-block-list\">\n<li>IoT devices must be connected to a specific segregated and controlled network segment;<\/li>\n\n\n\n<li>Default credentials must be changed;<\/li>\n\n\n\n<li>Passwords must adhere to Tarleton\u2019s password policy; <\/li>\n\n\n\n<li>If possible, disable the administrator account and create a custom admin account.\u00a0 The custom account name should not reflect administrator rights (Example: admin, adm, administrator, superuser, etc.);<\/li>\n\n\n\n<li>The administrator account should only be used for admin functions and not standard operations;<\/li>\n\n\n\n<li>All IoT devices should be updated as patches are released by the vendor;\u00a0\u00a0<\/li>\n\n\n\n<li>UPnP connections are not allowed on Tarleton\u2019s network;\u00a0\u00a0<\/li>\n\n\n\n<li>If possible, do not use MAC-based authentication;\u00a0\u00a0<\/li>\n\n\n\n<li>Disable PAN network capability if it is not required for functionality;\u00a0\u00a0<\/li>\n\n\n\n<li>Disable Wi-Fi SSID broadcasting or any feature that allows for Wi-Fi network broadcasting;\u00a0\u00a0<\/li>\n\n\n\n<li>Disable any unused interfaces such as the ability to be used as a hub or bridge;<\/li>\n\n\n\n<li>Tarleton\u2019s Office of Innovative Technology Solutions (OITS) staff reserve the right to remove any IoT device from the university\u2019s network if network traffic received by or transmitted from the device is a threat to the university\u2019s digital landscape; and\u00a0\u00a0<\/li>\n\n\n\n<li>IoT devices that must adhere to this standard also include:\u00a0\u00a0\n<ul class=\"wp-block-list\">\n<li>Non-Tarleton devices owned by individuals or departments;<\/li>\n\n\n\n<li>Devices that only require internet access for functionality;<\/li>\n\n\n\n<li>Non-enterprise or consumer grade devices that are maintained by vendors;<\/li>\n\n\n\n<li>Non-enterprise or consumer grade devices that are not maintained;<\/li>\n\n\n\n<li>Devices with limited firmware and software support including limited or no updates; and<\/li>\n\n\n\n<li>Devices with limited security capabilities. These devices may focus on functionality and not security.<strong>\u00a0\u00a0<\/strong>\u00a0<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Exceptions \n<ul class=\"wp-block-list\">\n<li>In accordance with\u00a0<a href=\"https:\/\/texas-sos.appianportalsgov.com\/rules-and-meetings?chapter=202&amp;interface=VIEW_TAC&amp;part=10&amp;title=1\">Texas Administrative Code (TAC) Chapter 202 \u2010 Information Security Standards<\/a>, each department and\/or resource owner may elect not to implement some or all of the risk mitigation measures provided in this standard based on information security risk management decisions and business functions. <\/li>\n\n\n\n<li>Any exceptions to this standard must be reviewed and approved by the Tarleton Information Security Officer (ISO)\/Chief Information Officer (CISO).  <\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<div style=\"height:40px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h2 class=\"wp-block-heading\">Definitions<\/h2>\n\n\n\n<p><strong>Internet of Things (IoT)<\/strong> \u2013 Physical objects that may be user or industrial devices that are connected to the internet and are embedded with sensors, controllers, software and other technologies for the purpose of connecting and exchanging data with other devices and systems.<\/p>\n\n\n\n<p><strong>Information Security Officer (ISO) \/ Chief Information Security Officer (CISO)<\/strong>: responsible for administering the information security functions within the university and reports to the information resources manager (IRM).\u00a0\u00a0<\/p>\n\n\n\n<p><strong>MAC \u2013 <\/strong>Media Access Control.\u00a0 A unique hardware identification number that identifies each device on the network.<\/p>\n\n\n\n<p><strong>PAN \u2013 <\/strong>Personal Area Network.\u00a0 Provides communication between devices and connection to higher level networks.<\/p>\n\n\n\n<p><strong>SSID \u2013 <\/strong>Service Set Identifier.\u00a0 The name assigned to a Wi-Fi (wireless) network.<\/p>\n\n\n\n<p><strong>TAC 202 \u2013 <\/strong>Texas Administrative Code 202.\u00a0 Outlines the minimum information security and cybersecurity responsibilities and roles at Texas state agencies and institutions of higher education.<\/p>\n\n\n\n<p><strong>UPnP <\/strong>\u2013<strong> <\/strong>Universal Plug and Play.\u00a0 Network protocols that allow networked devices such as wireless access points, printers, and laptops to discover each other\u2019s presence on the network and to establish functional network services.<\/p>\n\n\n\n<div style=\"height:40px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Related Statutes, Policies, or Requirements<\/strong>&nbsp;<\/h2>\n\n\n\n<p><a href=\"https:\/\/policies.tamus.edu\/29-01.pdf\">TAMUS Policy 29.01, Information Resources<\/a><\/p>\n\n\n\n<p><a href=\"http:\/\/policies.tamus.edu\/29-01-02.pdf\">TAMUS Regulation 29.01.02, Use of Licensed Software<\/a><\/p>\n\n\n\n<p><a href=\"http:\/\/policies.tamus.edu\/29-01-03.pdf\">TAMUS Regulation 29.01.03, Information Security<\/a><\/p>\n\n\n\n<p><a href=\"http:\/\/policies.tamus.edu\/29-01-04.pdf\">TAMUS Regulation 29.01.04, Accessibility of Electronic and Information Resources<\/a><\/p>\n\n\n\n<p><a href=\"http:\/\/policies.tamus.edu\/29-01-05.pdf\">TAMUS Regulation 29.01.05, Artificial Intelligence<\/a><\/p>\n\n\n\n<p><a href=\"http:\/\/policies.tamus.edu\/29-01-06.pdf\">TAMUS Regulation 29.01.06, Covered Applications and Prohibited Technologies<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/www.tarleton.edu\/policy\/wp-content\/uploads\/sites\/142\/2022\/06\/29_01_03_T0_01.pdf\">Tarleton SAP 29.01.03.T0.01, Information Resources &#8211; Acceptable Use<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/www.tarleton.edu\/policy\/wp-content\/uploads\/sites\/142\/2022\/06\/29_01_99_t1.pdf\">Tarleton Rule 29.01.99.T1, Information Resources<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/www.tarleton.edu\/security-controls-catalog\/\">Tarleton Security Controls Catalog<\/a><\/p>\n\n\n\n<div style=\"height:40px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Contact Office<\/strong>&nbsp;<\/h2>\n\n\n\n<p>Office of Innovative Technology Solutions&nbsp;<\/p>\n\n\n\n<p>AVP and CIO of Innovative Technology Solutions&nbsp;<\/p>\n\n\n\n<p>254-459-5685&nbsp;<\/p>\n\n\n\n<div style=\"height:40px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Tarleton Office of Innovative Technology Solutions (OITS) Internet of Things (IoT) Standard Effective: April 10, 2022 Revised:\u00a0 April 25, 2025\u00a0 Procedure Summary&nbsp; This standard ensures the security of Tarleton State &#8230;<\/p>\n","protected":false},"author":94,"featured_media":580,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"template-fullwidth.php","meta":{"_acf_changed":false,"inline_featured_image":false,"advgb_blocks_editor_width":"","advgb_blocks_columns_visual_guide":"","footnotes":""},"class_list":["post-2527","page","type-page","status-publish","has-post-thumbnail","hentry"],"acf":[],"coauthors":[],"author_meta":{"author_link":"https:\/\/www.tarleton.edu\/technology\/author\/jgeorge\/","display_name":"jgeorge"},"relative_dates":{"created":"Posted 12 months ago","modified":"Updated 12 months ago"},"absolute_dates":{"created":"Posted on April 25, 2025","modified":"Updated on April 25, 2025"},"absolute_dates_time":{"created":"Posted on April 25, 2025 9:32 pm","modified":"Updated on April 25, 2025 9:32 pm"},"featured_img_caption":"","featured_img":false,"series_order":"","_links":{"self":[{"href":"https:\/\/www.tarleton.edu\/technology\/wp-json\/wp\/v2\/pages\/2527","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.tarleton.edu\/technology\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.tarleton.edu\/technology\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.tarleton.edu\/technology\/wp-json\/wp\/v2\/users\/94"}],"replies":[{"embeddable":true,"href":"https:\/\/www.tarleton.edu\/technology\/wp-json\/wp\/v2\/comments?post=2527"}],"version-history":[{"count":1,"href":"https:\/\/www.tarleton.edu\/technology\/wp-json\/wp\/v2\/pages\/2527\/revisions"}],"predecessor-version":[{"id":2528,"href":"https:\/\/www.tarleton.edu\/technology\/wp-json\/wp\/v2\/pages\/2527\/revisions\/2528"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.tarleton.edu\/technology\/wp-json\/"}],"wp:attachment":[{"href":"https:\/\/www.tarleton.edu\/technology\/wp-json\/wp\/v2\/media?parent=2527"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}