Designating a Federated Authorization Security Contact

Overview

The following information outlines the criteria for identifying and designating a Federated Authorization Security Contact according to the University’s Federated Authorization Process guidelines. Each University area should designate a primary and secondary Security Contact. This document covers:

  • The responsibilities of a Security Contact
  • The qualifications for a Security Contact
  • How to designate a Security Contact
  • How to request that responsibility be removed from a Security Contact

If you have any questions about this procedure, please contact the Technology Help Desk at 412-624-HELP (4357) or helpdesk@pitt.edu.

Detail

Security Contact Responsibilities

Security Contacts are responsible for ensuring that only authorized University employees have access to the Student Information Systems (PeopleSoft) and Student Mart data needed to do their jobs. Security Contacts therefore have the important responsibility of preserving student confidentiality and data integrity. As a result, all PeopleSoft and Student Mart user access requests must be reviewed and approved by the Security Contacts. Individuals fulfilling the role of Security Contact must meet certain qualifications in order to ascertain that a user’s request is appropriate and to ensure the Federated Authorization process is successfully followed.

Security Contact Qualifications

Designated Security Contacts must:

  • Understand their University area’s business and academic processes
  • Be familiar with the job duties of all Student Mart and PeopleSoft users in their area
  • Be in a position of authority to independently grant and revoke access privileges
  • Complete the appropriate Federated Authorization training course

Note: Security Contacts should have worked with the University area for several years, giving them an inherent understanding of their area’s employees and processes. Therefore, administrative assistants, student workers, new hires, contractors, and graduate and postdoctoral students working in the area would not be the most appropriate choice.

Process for Designating a New Security Contact

  • An existing Security Contact or the head of each University area (dean, director, regional president, or department head, depending on the University area) should identify a candidate who meets the qualifications above and submit an online request or email to helpdesk@pitt.edu to the attention of Pitt IT Security, identifying the individual and why they were selected. Please include the following information:
    • Security Contact’s Name
    • Security Contact’s Title
    • Phone number
    • Username
    • Brief description of how the individual meets the criteria for a Security Contact
  • The Technology Help Desk will receive the request and transfer the case to Pitt IT Security.
  • Pitt IT Security will evaluate the request.
  • If approved, Pitt IT Security adds the new Security Contact to the relevant Central Directory Service (CDS) group, adds the SA_VIEW_SECURITY_CONTACTS role to their PeopleSoft user profile, and updates the Federated Authorization Security Contact list on the Technology website.
  • The newly appointed Security Contact is responsible for reading and understanding all of the information in the Federated Authorization Community and for scheduling training with a peer Security Contact.

Process for Removing a Security Contact

An existing Security Contact or the head of a University area (dean, director, regional president, or department head, depending on the University area) should immediately contact the Technology Help Desk at 412-624-HELP (4357) or helpdesk@pitt.edu to have a Security Contact removed from the list.

Get Help

The Technology Help Desk at 412-624-HELP (4357) is available 24 hours a day, seven days a week to answer your technology-related questions. Questions can also be submitted via the Web at technology.pitt.edu.


EMAIL AND ACCOUNT SECURITY

Keep Your Accounts, Yours

The Account Administration service enables the University to manage its account services in an effort to securely verify and protect its identity with tools, such as Multifactor Authentication and Federated Authorization Process (Student Mart Access).

Those who utilize our Pitt Email (Outlook) service are also provided with access to select services to securely manage email communications with Advanced Threat Protection and Enterprise Spam and Virus Filter Service with Exchange Online Protection (EOP).

IT GOVERNANCE

Practice Good Governance with Our Guidance

Pitt IT regularly updates its security knowledge base with the latest governance standards, while also ensuring the University’s safety against external attacks and internal accidents with industry-leading security methods and best practices. Request guidance or support from Pitt IT or learn more with the resources below.

IT Governance and Regulatory Compliance

Maintain compliance with applicable laws and regulations for restricted data (e.g., DFARS/CMMC, FERPA, GDPR/PIPL, GLBA, HIPAA, NIST 800-171, PCI)

Data Classification & Compliance

Protect the privacy of students, alumni, faculty, and staff through precautions and data classification measures that guard against unauthorized access.

Governance & Policy Security Guides

Maintain safety practices around policies and standards with our easy-to-follow guides — developed and maintained for accuracy by Pitt IT Security and organized below.

GOVERNANCE GUIDES

  • Google Drive Security Guide
  • Microsoft Outlook Email Encryption Guide
  • Microsoft Teams Security Guide
  • OneDrive Security Guide
  • Qualtrics Security Guide
  • SharePoint Security Guide
  • Workstation Standards Guide
  • Zoom Security Guide
  • eSignature Service (DocuSign) Security Guide


IT POLICIES AND PROCEDURES

Master University Guidelines

Pitt IT has partnered with University communities to establish security policies that help protect computers and information from security threats — such as viruses, Trojan horses, hackers, and other forms of cybercrime.

Review these policies to help your department protect its data, while also adhering to state and federal regulations regarding technology.

IT SECURITY AUDIT SUPPORT

Manage Security Audits with Our Help

Pitt IT Security is available to assist departments and schools in all IT security audit needs — including regulatory requests. Contact us for expert guidance in managing and executing audit processes through risk identification, evaluation, and mitigation.

IT Audit Guidance

Request risk-based security audits from Pitt IT Security to determine if your University data is adequately protected. Assistance is also offered in cases where departments are requested to perform and report internal IT audits.

IT Risk Management

Improve your departmental risk identification, evaluation, and mitigation capabilities by working with Pitt IT Security to identify risks, assess any potential impacts, and lessen risks by implementing mitigation controls.

IT Contract & Agreement Review Service

Review contracts and agreements with our guidance to determine if your department and the University can meet contractually obligated data-security requirements.

AUDIT & RISK RESOURCES

  • dbGaP (Database of Genotype and Phenotype) Reviews
  • E-Business Solution Risk Assessments
  • General Security Risk Assessments and Consultations
  • Institutional Review Board (IRB) Risk and Research Assessment
  • Security Vulnerability Assessment
  • System Security Plan Development
  • Third-party Vendor Risk Assessments

THREAT AND INCIDENT MANAGEMENT

Identify Risks Before They Become Threats

Pitt IT Security can help you identify potential threats before they become issues for your department. Are you concerned that your data has already been compromised? Pitt IT Security will help you assess the situation, manage the incident, and respond to University stakeholders and legal partners.

Access Management

Ensure appropriate access for network users through network security controls, ID management, authentication measures, physical security, remote support tools, and encryption management.

 

Incident Management

Request our help to quickly restore normal service operations after an incident and minimize the impact on business operations — ensuring service quality and availability are maintained.

 

Investigations and Forensics

Partner with us to investigate your networks and systems when requests are submitted to you by OUC or Law Enforcement.

 

Threat Detection and Response

Proactively search for cyber threats and use the latest practices to find malicious actors in your environment that have slipped past your initial endpoint security defenses.

 

Vulnerability Management

Identify vulnerabilities in managed systems, evaluate the severity of risks, and take planned actions for correcting these issues with our guidance and support.

 

Security Operations

Safeguard your systems by having our Threat and Incident Management Team triage potential University network threats by evaluating inputs from many security, network, and system tools.

 

IT SECURITY ARCHITECTURE AND ENGINEERING

Build a Security Strategy that Fits Your Needs

Security architecture can help you design and document key elements of your overall security program, which ensures that your department and users can understand and utilize methods for creating safe, collaborative digital environments. Pitt IT Security will work closely with you to create a well-defined strategy that fits your needs and uses industry-leading best practices to enable your department’s security and success.

Strategy and Design

Plan and create your IT environment with security as a top priority.

Security Tooling

Implement the proper tools and security measures for your needs.

Solution Engineering

Design and develop secure solutions that fit your unique work processes and data needs.

 

Details

Article ID: 237
Created: Thu 8/3/23 2:00 PM
Modified: Tue 2/13/24 1:30 PM

Related Services / Offerings (1)

IDENTITY AND ACCESS MANAGEMENT: The Federated Authorization Community allows University faculty and staff to request access to the University's enterprise systems and data.