This page provides links to the university’s information security policies currently in effect. Many policies have established standards to help you with policy compliance. Visit UFIT’s Standards page to view these documents.

Policy and Standard Lifecycle



IT Policy and Standard Life Cycle
Last Updated: August 25, 2016

Related Standards & Documents

IT Policy Process PDF (98KB)
Last Updated: August 25, 2016

Acceptable Use



Summary – Acceptable Use Policy
Last Updated: August 17, 2011
An overview of the essential points of the university’s Acceptable Use Policy intended to give users a quick understanding of their responsibilities.

Acceptable Use Policy
Last Updated: August 17, 2011
Rights and responsibilities, general rules, enforcement, security and privacy, and more…

Florida Computer Crimes Act
Last Updated: August, 2011
This document contains the full text of Chapter 815, Florida Statutes: the Florida Computer Crimes Act.

Related Standards & Documents

Procedure for Monitoring of IT Resources
Last Updated: August 24, 2011
The criteria and steps required for approval of monitoring or retrieval of communications, documents and files without notice, as required by the Authorized Use Policy (AUP).




Disabled Access Computing Policy
Details regarding the university policy on access to computing services by the disabled.




Email as Public Records

Last Updated: August, 2011
University of Florida edict on public records law with regard to e-mail, including retention policies

Spam Policy
Last Updated: October 23, 2003
A comprehensive description of UF’s official spam policy

Policies for the Use of Gatorlink
Last Updated: March 10, 1999
GatorLink offers a suite of free baseline services to students, faculty and staff at the University of Florida. Use of GatorLink services carries with it certain rights and responsibilities.

Policy: Electronic Mail
Last Updated: February 5, 2016
To provide for compliance, security, and efficient support services when conducting University of Florida business via electronic mail.

Information Security



Guidelines for Information Security
Last Updated: April 30, 2010
Guidelines provide additional information for handling information and information systems in a secure manner to insure confidentiality, integrity and availability of data and information..

Mobile Computing and Storage Devices Policy
Last Updated: March 1, 2013
The University of Florida has established a policy for the use of mobile computing and storage devices, and to specify minimum configuration requirements.

Data Classification Policy
Last Updated: April 26, 2012
All data at the University of Florida is now classified into three categories: restricted, sensitive, and open.

Authentication Management Policy
Last Updated: July 11, 2013
Authentication mechanisms such as passwords are the primary means of protecting access to computer systems and data. It is essential that these authenticators be strongly constructed and used in a manner that prevents their compromise.

Risk Management Policy
Last Updated: September 15, 2015
The University of Florida has established a process to manage risks to the University of Florida that result from threats to the confidentiality, integrity and availability of University Data and Information Systems.

Account Management Policy
Last Updated: January 20, 2016
To provide a comprehensive account management process that allows only authorized individuals access to University Data and Information Systems.

Policy: Backup and Recovery
Last Updated: February 20, 2016
The purpose of this policy is to protect University Data from loss or destruction by specifying reliable backups that are based upon the availability needs of each unit and its data.

Remote Access Policy
Last Updated: December 14, 2016
The purpose of this policy is to define how the University of Florida controls Remote Access to university information systems and networks in order to prevent unauthorized use.

Auditable Events and Record Content Standard
Last Updated: March 7, 2017
In order for Information Technology activity and audit logs to be useful, they must record sufficient information to serve the operational needs, preserve accountability, and detect malicious activity. This standard defines these events and content.

Audit and Logging Policy
Last Updated: March 7, 2017
To provide accurate and comprehensive audit logs in order to detect and react to inappropriate access to, or use of, information systems or data.

Control of Electronic Media
Last Updated: March 7, 2017
The purpose of this policy is to provide safeguards for electronic media to prevent loss of access to, or unauthorized disclosure of, University Data.

Media Sanitization Standard
Last Updated: March 7, 2017
Data that has been deleted using typical Operating System provided mechanisms usually remains stored on the media, and can be easily recovered. This document provides requirements to ensure that media is securely processed to prevent data from being recovered.

Identity & Passwords



Identity Management PoliciesLast Updated: March 30, 2012 Information, standards and policies related to Identity Management at UF.

Related Standards & Documents

Identity Assurance Profiles Standard
Last Updated: June 24, 2015

Identity Management Service Provider Standard
Last Updated: November 5, 2014

Intellectual Property



Last Updated: May 12, 1994
Detailed section devoted to the University of Florida’s copyright policy, including guidelines, and training materials

Related Standards & Documents

A standard is being developed and will be posted as soon as it is available.




Internet Protocol Address Assignment Policy
Last Updated: May 29, 2013

Wireless Network Policy
Last Updated: July 14, 2011
Guidelines for setup and implementation of wireless networks on campus

Related Standards & Documents

Internet Protocol Address Assignment Standard
Last Updated: May 29, 2013

Purchasing & E-Commerce



E-Commerce Policy
Last Updated: December 6, 2013
University of Florida policy on E-Commerce security and management




Advertising on University Webspace
Last Updated: October 23, 2012
Issues that arise in connection with the sale of advertising space on university webspace such as use of state resources and unrelated business income tax.

Domain Name Policy
Last Updated: October 23, 2012
Approved by the Office of the CIO on March 21, 2007, this policy outlines uses, restrictions and naming conventions for the ufl.edu domain.

Internet Privacy Policy
Last Updated: April 11, 2011
This information explains the Internet privacy policy and practices adopted by the University of Florida for its official Web sites. Privacy and public records obligations of the University are governed by applicable Florida statutes and U.S. federal laws.

Recognizing Corporate Supporters on the Web
Last Updated: October 23, 2012
Recognizing corporate supporters on University and Unit webspace without commercializing the University and Unit home pages with corporate logos.

Web Administration Policies & Standards
Last Updated: January 12, 2011
Policies and standards for campus web developers to consult when designing UF web sites.

Web Identity & Graphics Standards
Last Updated: June 3, 2011
Standards for campus web developers to consult when designing UF web sites.