Update: IT Guidelines and IT Baseline Protection Rules of ETH Zurich

The 2022 edition of the “IT Guidelines and IT Baseline Protection Rules” is online:

The guidelines and rules are binding for ETH Zurich’s ICT resources and data and aim to ensure that a responsible person is identified for all ICT resources and that known vulnerabilities are remedied in a timely manner.

They govern:

  • tasks, powers and responsibilities of central roles in ICT operations
  • the baseline protection of ICT resources
  • the use of ICT resources

The ordinance “IT Guidelines and IT Baseline Protection of ETH Zurich” is compiled by the IT Services department, reviewed annually and submitted to the Vice President for Infrastructure and the Chief Information Security Officer of ETH Zurich on an annual basis.

Above all, the new version simplifies the use of external (cloud) services.

Contents, sections & articles

  • Roles of network zone & system administrators, service intermediaries and accessibility of responsible persons
  • IT Baseline Protection Rules for users, network zone administrators, system administrators and service intermediaries

Topics from “IT baseline protection rules for users”

  • Principle of the use of internal and external ICT services of ETH Zurich
  • External storage or processing of confidential data
  • Software updates
  • Do not deactivate safety functions
  • Encryption of mobile data storage
  • Screen lock
  • Handling means of authentication
  • Passwords and PINs
  • System responsibility for self-managed systems

Questions & contact

Anja Harder, IT Security Officer IT Services https://ethz.ch/staffnet/en/organisation/departments/it-services.html

Posted on
in IT-SEC,News Tags: ,,,,

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.