Security and Compliance

Security and compliance services monitor, protect and secure the university's IT infrastructure, data and operations, safeguarding the privacy of the university community while maintaining compliance with applicable policies, laws and regulations.


Approved Software/Applications

Third party vendors are now subject to the same Security Rule requirements as Covered Entities, and are also subject to relevant sections of the Privacy Rule and the HITECH Breach Notification Rule. In order to protect university confidential and highly confidential data, including PHI, the risk and compliance team assesses the security and practices of all third party vendor server applications and cloud services. Review approved applications. 

Credit Card Merchant Accounts

A payment card is any type of credit, debit or prepaid card used in a financial transaction. Compliance with the Payment Card Industry Data Security Standard (PCI DSS) is required of all university departments that accept payment cards for financial transactions. Any third-party vendor engaged by University Merchants to process payment card transactions on their behalf, or who is engaged in payment card financial services on our campus, must also comply with the PCI DSS. 

For assistance, contact the OIT Service Desk at (303) 724-4357 (4-HELP from an on-campus phone).

Compromised Email Accounts

If you believe your account has been compromised, the OIT Security and Compliance team is available to assist. There will be an investigation into the compromised account and a process for mitigating future risk.

Report an Issue:

  1. Stop all actions. Do not turn off the computer.
  2. Contact the OIT Service Desk 303-724-4357 or 4-HELP and report the incident.

Data Usage

Security of data usage (public, confidential and highly confidential data, including ePHI) is important to keeping the university protected. Keep your school or department compliant by reviewing how you use, store and transmit data.

For information on how to keep your school or department compliant when using, storing and transmitting data in OneDrive for Business, see Securing Data in OneDrive for Business.  

Firewall Exceptions

By default, servers on the campus network are only accessible from the campus network (including VPN). In order to make your server accessible from the Internet, or from any of the affiliate networks, you will need to complete a Firewall Penetration Request and remediate any vulnerabilities or configuration changes that are identified during the penetration request process.

Please click the call to action button on the right to be directed to the OIT Service Center to create a ticket for this request. Click Log In, select Make a Request, scroll down to Security Services, and click on Firewall/IPS where you will see the Firewall Penetration Request form. 

Moving forward, public facing hosts will need to be in the DMZ Firewall. More information about the DMZ Firewall process and permissions will be coming soon.

Hard Drive Disposal

Requests to dispose of old or unused hard drives from redundant obsolete computers, retired servers, unused flash drives and photocopiers should be submitted through the Asset Management form on the Facilities Management webpage. Hard drives are then picked up by facilities and ultimately sent to Techno Rescue. Techno Rescue is under contract for the destruction and disposal of all equipment.

Phishing Emails

Phishing is a psychological attack used by cyber criminals to trick you into giving up information or taking an action. Phishing originally described email attacks that would steal your online username and password. However, the term has evolved and now refers to almost any message-based attack. These attacks begin with a cyber criminal sending a message pretending to be from someone or something you know, such as a friend, your bank, your company or a well-known store.

Security Review or Check

The OIT Risk and Compliance team reviews applications, cloud services and business processes to reduce risk and meet compliance standards.

Single Sign On (SSO)

OIT provides authentication services to university units for departmental or campuswide applications that require the authentication of users based on their affiliation with the university. Applications may be internal or third-party.

You must be signed on to the university network to access the request form. Links for connecting to campus resources are available on the VPN and Remote Access webpage.

Timely Termination

There is a standard process that is in place for typical terminations from the university. Timely terminations are specific to an involuntary termination or any circumstance where the unit believes there is a risk to university data. OIT will evaluate the request and then obtain approval from Legal and HR before disabling access. Please note that employees who also hold an active role as a student have specific rights to maintain access to their student account.

To submit a Timely Termination, please click the call to action button on the right to be directed to the OIT Service Center to create a ticket for this request:

    • Sign in with your CU username and password
    • Click the "Make a Request" button
    • Scroll to find the “Security Services” tile/box and click on it
    • Select "Data Access Request" or select "Timely Termination Request"
    • Select "New" and fill out the form (all fields please)

User Data Access Request

All non-emergency requests to access another user’s data must be approved by HR and Legal before access is granted. OIT has created a process to manage these requests, which can be initiated by the supervisor of the person in question or by the department administrator. If the approval is granted by HR and Legal, the IT Security and Compliance Team will coordinate the data transfer with the appropriate team(s) in OIT and the requesting department.

To submit a Data Access Request, please click the call to action button on the right to be directed to the OIT Service Center to create a ticket for this request:

    • Please sign in with your CU username and password
    • Click the “Make a Request” button
    • Scroll to find the “Security Services” tile/box and click on it
    • Select “Data Access Request”
    • Select “New” and fill out the form (all fields please)