UIS.203.9 Software Usage Restrictions and Installation Guidelines
In support of UIS.203 Configuration Management Policy
Georgetown University has adopted the configuration management principles established in NIST SP 800-171 “Configuration Management” control guidelines as the official policy for this security domain. Each system administrator and system owner must adhere to the guidelines and procedures associated with this policy in order to support and be compliant with the University information security framework.
Software usage restrictions and installation rules are intended to control and document the use of software and technology applications to ensure that authorization, lawfulness, and security are observed and meet the standards for University use.
- establishes usage restrictions and implementation guidance based on the potential for software programs [or code] to cause damage to the information system if used maliciously
- outlines the requirement to authorize, monitor, and control the use of such components within the University information systems.
Software Usage Restrictions Requirements
Employees, faculty, students, contractors and other third parties are not permitted to install illegal and/or pirated copies of software on technology devices that connect to the University network or are in use for University operations.
Only authorized technology managers, providers and support staff are granted rights and privilege to install software on University servers and endpoints. Any application deemed unauthorized or unfit for the environment will be removed from the system or host device.
All proprietary rights in databases or similar compilations are respected, and all users are limited to the appropriate use of such data.
Use of peer-to-peer file-sharing technology is controlled and documented in accordance with Peer-to-Peer sharing guideline to ensure that this capability is not used for the unauthorized distribution, display, performance, or reproduction of copyrighted work.
Procedures for software use, distribution and removal within the University are established to ensure software meets all copyright and licensing requirements.