IT Security Information

Data Classification Level: High

Key: Permission Levels

  • Permitted
  • Permitted with Information Assurance (IA) Consultation
  • Not Permitted

For IA consultation, please contact the ITS Service Center

Protecting sensitive data is a shared responsibility. You are responsible for ensuring that your use of permitted services complies with laws, regulations, and policies where applicable.

Permitted

Not Permitted

Data Type Description 

IT Security Information consists of information that is generated as a result of automated or manual processes that are intended to safeguard the university’s IT resources. It includes settings, configurations, reports, log data, and other information that supports IT security operations.

Passwords, a particular type of IT Security Information, should not be permanently stored in any online storage service. Normally passwords should not need to be conveyed from one person to another; people should set their own initial password and use account recovery for forgotten passwords. However, in cases where a hand-off between two persons is unavoidable, passwords may be electronically conveyed as long as certain conditions are met:

  • A password can be put in a Dropbox at U-M Paper and shared with the person it is for if the Paper is deleted after five days.
  • A password can be sent via Gmail at U-M only if Virtru encryption is used, forwarding is disabled, and the message is set to expire after five days.
  • Password recipients should be advised to change their password immediately on first use.

Data Steward: Information Assurance

Examples 

  • Access and authentication logs
  • IT security program plans
  • IT security incident information
  • Firewall rules
  • Privileged Credentials

Laws/Regulations/Policies 

Institutional Data Resource Management Policy (SPG 601.12)

Additional Resources 

Stewardship of IT Security Information
Andrew File System (AFS): 
Not Permitted
Canvas: 
Permitted
Cloud Storage Included with Software: 
Not Permitted
Data Warehouse: 
Permitted
Desktop Backup (Powered by Code42): 
Permitted
MiDesktop: 
Permitted
Digital Signage: 
Not Permitted
Echo360 - Lecture Capture and LectureTools: 
Not Permitted
eResearch: 
Permitted
Globus: 
Permitted
Amazon Web Services GovCloud at U-M: 
Permitted
Amazon Web Services (AWS) at U-M: 
Permitted
Google Non-Core Services: 
Not Permitted
Google Drive at U-M: 
Permitted
Google Mail and Calendar at U-M: 
Permitted
Google at U-M Core Services: 
Permitted
MiDatabase: 
Permitted
MiServer: 
Permitted
MiShare: 
Permitted
MiStorage CIFS with AWS S3 Cloud Storage Integration: 
Permitted
MiStorage (NFS): 
Not Permitted
MiVideo: 
Permitted
MiWorkspace: 
Permitted
Personal Accounts: 
Not Permitted
Personally Owned Devices (phone, tablet, laptop, etc.): 
Permitted
Qualtrics: 
Permitted
ServiceNow at Michigan Medicine: 
Permitted
MiBackup: 
Permitted
Turbo Research Storage: 
Permitted
Michigan Medicine Exchange/Outlook Email and Calendar: 
Permitted
Document Imaging System: 
Not Permitted
E-signature Service - SignNow: 
Permitted
Piazza Q&A: 
Not Permitted
Gradescope: 
Not Permitted
Electronic Research Notebook at U-M: 
Permitted
Microsoft Azure at U-M: 
Permitted
Google Cloud Platform (GCP) at U-M: 
Permitted
Perusall: 
Not Permitted
Secure Enclave Service (formerly Yottabyte Research Cloud): 
Permitted
Microsoft Office 365 at U-M: 
Not Permitted
Armis2: 
Permitted
Great Lakes Cluster: 
Permitted
Adobe Cloud Storage: 
Not Permitted
Zoom at U-M: 
Permitted
TeamDynamix at U-M: 
Permitted
Dropbox at U-M: 
Permitted
Virtru at U-M: 
Permitted
Microsoft Teams at U-M: 
Not Permitted
Denodo at U-M: 
Permitted
Slack at U-M: 
Permitted
Microsoft 365 at Michigan Medicine: 
Permitted
Lighthouse HPC Cluster: 
Permitted
MyDataHelps: 
Not Permitted
REDCap MICHR Academic License: 
Not Permitted
GitHub Enterprise SaaS: 
Not Permitted
Data Den Research Archive: 
Permitted
Locker Large-File Storage: 
Permitted