University of Colorado Shared Web Application Environment Use Statement
This document explains standards and guidelines for information appearing on and
the use of the Shared Web Application Environment (SWAE). The University of
Colorado Denver (UCD) provides central web resources, supported by The Office of
Academic Technology and Extended Learning (ATEL) in cooperation with Information
Technology Services (ITS), to support its mission of education, research,
clinical care, and community service. This document sets forth the requirements
regarding the use of, access to, and disclosure of information residing on SWAE
and to assist in ensuring that the university's resources serve those purposes.
It is the goal of UCD to ensure that any information that is made available to
the public is accurate and consistent with the mission of the institution. It
also is the goal of UCD to enable faculty, staff and students to publish such
information in conformance with state and federal laws, including copyright
The following shall apply to web content that is hosted on the central UCD SWAE
All static web content and basic web forms are required to be maintained on
the campus CMS. Users of SWAE must obtain an exemption from the campus
content management system (CMS).
Exemptions are granted when the existing functionality of the campus CMS
cannot reasonably accommodate the requirements of a unit seeking to create
or deploy a web application.
Each new site request on SWAE will require an
approved unique ucdenver.edu sub-domain and unique IP.
URL requests must be submitted in advance and may take up to 10 business
days to process. URL requests are reviewed by the UCD Web Administrative
If public access to SWAE content is required, a
UCD firewall penetration rule is required. Authorized departmental
personnel must submit their request to ITS. Site code and configuration
will be scanned in accordance with ITS security standards. Per ITS security
policy, issues must be remediated before penetration requests are granted.
Quarterly security scans of the entire SWAE environment are conducted by ITS
to ensure all code is capable of passing reasonable and customary
penetration testing, and, follows coding best practices as defined by ITS.
Unit contacts of webs failing ITS security scans will be notified of
remediation steps necessary to bring their code into compliance. Failure to
remediate issues in a timely manner will result in webs being removed from
the environment to protect university computing resources and data.
System uptime and all related configuration, application stack patching,
monitoring and other aspects of system administration will be the
responsibility of ATEL. Units are responsible for all other aspects of
their application code and support.
ATEL will provide 24/7/365 operational support for the environment and
normal UCD business hour technical support.
Access to SWAE will be granted only to existing UCD employees or sponsored
users via their Active Directory accounts.
ATEL will provide 30 days notice to the SWAE developer community and unit
heads to prepare for all system wide changes. In alignment with common
application development practices, university units are strongly encouraged
to maintain a test and development environment to facilitate application
functionality in anticipation of system changes and development efforts.
Provisioning or support of test environments in not within ATEL’s support
University units engaged in the development, purchase, or commissioning of
web applications housed on SWAE are responsible for the maintenance of the
underlying code and functionality on an ongoing basis. This includes, but
is not limited to, re-factoring code when necessary to accommodate changes
in the server environment including all hardware and software changes.
ATEL can provide assistance, for a fee, to units to maintain their
application code on a best effort and availability basis.
24/7/365 web content availability is key to institutional credibility. All
Units with content on SWAE will appoint a qualified current UCD employee, or
UCD sponsored user, as a point technical contact should issues arise with
their SWAE content. Contact information will be kept current with ATEL to
ensure issue escalation can take place should it become necessary. In the
event of content availability interruption ATEL will be responsible for
passing issue resolution to the unit contact once root cause diagnosis
efforts have ruled out issues related to ATEL’s scope of responsibility. If
contact cannot be made with the specified unit contact, ATEL will
temporarily replace content on the affected site with a standard temporary
maintenance page until content can be restored.
All anonymously accessible UCD web content with an approved firewall
penetration rule must adhere to the
UCD Web Identity Standards Guide and
Web Publishing Policy on an ongoing basis.
All web pages must conform to rules governing public institutions in
Colorado as well as to applicable state or federal laws including export
laws and regulations.
Departmental pages may not be put to inappropriate uses which include:
Material that does not reflect the overall mission and the professional
integrity of UCD.
Information that is proprietary or confidential to UCD.
Personal, commercial uses which could result in a financial benefit for
the page owner or his/her associates.
Use of any personal information that is not public record pertaining to
other individuals without their express written permission.
Use of any images or data that are abusive, obscene, harassing,
threatening, or discriminatory.
Use of any images or data that violate other University of Colorado or
UCD policies (e.g., Sexual Harassment Policy) or local, state, or
Creation of direct hypertext links to abusive, obscene, harassing,
threatening, or discriminatory material.
Use of materials whose nature or volume, compromise the ability of the
system to serve other users' documents and web pages.
Any use which constitutes academic dishonesty.
Use of departmental pages to engage in illegal activity.