Update: IT Guidelines and IT Baseline Protection Rules of ETH Zurich
The 2022 edition of the “IT Guidelines and IT Baseline Protection Rules” is online:
- «IT-Richtlinien und IT-Grundschutzvorgaben» https://rechtssammlung.sp.ethz.ch/Dokumente/203.23.pdf (in German)
- «IT Guidelines and IT Baseline Protection Rules» https://rechtssammlung.sp.ethz.ch/Dokumente/203.23en.pdf (in English)
The guidelines and rules are binding for ETH Zurich’s ICT resources and data and aim to ensure that a responsible person is identified for all ICT resources and that known vulnerabilities are remedied in a timely manner.
They govern:
- tasks, powers and responsibilities of central roles in ICT operations
- the baseline protection of ICT resources
- the use of ICT resources
The ordinance “IT Guidelines and IT Baseline Protection of ETH Zurich” is compiled by the IT Services department, reviewed annually and submitted to the Vice President for Infrastructure and the Chief Information Security Officer of ETH Zurich on an annual basis.
Above all, the new version simplifies the use of external (cloud) services.
Contents, sections & articles
- Roles of network zone & system administrators, service intermediaries and accessibility of responsible persons
- IT Baseline Protection Rules for users, network zone administrators, system administrators and service intermediaries
Topics from “IT baseline protection rules for users”
- Principle of the use of internal and external ICT services of ETH Zurich
- External storage or processing of confidential data
- Software updates
- Do not deactivate safety functions
- Encryption of mobile data storage
- Screen lock
- Handling means of authentication
- Passwords and PINs
- System responsibility for self-managed systems
Questions & contact
Anja Harder, IT Security Officer IT Services https://ethz.ch/staffnet/en/organisation/departments/it-services.html
