11.2.8 Network Access Policy
1.0 Overview
Based on the continued trend of successful ransomware and endpoint attacks, the University System of Georgia Information Technology Handbook requires Middle Georgia State University (MGA) to implement and manage endpoint security. MGA must also be able to identify individual users of these devices in order to respond to policy violations and complaints, such as those associated with illegal distribution of copyrighted materials.
2.0 Purpose
The purpose of this policy is to establish secure network access requirements aligned with the USG IT Handbook that allow discovery, inventory, categorization, management, and segmentation of endpoints, as well as identification of individual users of these devices.
3.0 Scope
This policy applies to all users, devices, and systems that access Middle Georgia State University’s wired or wireless networks, including personally owned devices, IoT devices, vendor or contractor equipment, and any network-connected resources. It covers all campus locations and any remote access to MGA networks.
4.0 Policy
- Management & Governance
  - The Office of Technology Resources (OTR) manages all wired and wireless network infrastructure and security.
  - Only authorized personnel may install or connect network devices such as routers, switches, or access points to the MGA network.
  - All network equipment purchases, including wired/wireless infrastructure, Internet of Things (IoT) devices, and vendor-managed or contractor-provided equipment, must be approved by OTR and comply with institutional and USG security standards.
  - All network users must authenticate using institutional credentials or an OTR-approved registration method before access is granted to MGA production networks.
- Wired Network Access
  - Only MGA-owned or OTR-managed devices may connect to the wired network. Vendor-managed or contractor-provided equipment must be explicitly approved by OTR before being connected to the wired network.
  - Privately owned devices (PODs), such as personal laptops, are prohibited from the wired network and must use the wireless network.
- Wireless Network Access
  - Unmanaged devices, including personally owned phones and tablets, vendor-managed wireless equipment, and Internet of Things (IoT) devices such as televisions, must connect only to designated guest or non-production wireless networks.
  - Critical systems must never use wireless connectivity due to heightened risks of interception, interference, and unauthorized access. Wired connections provide stronger security and reliability for these systems.
  - Permanent or stationary MGA-owned devices must not use the wireless network. Use a wired connection whenever possible to ensure higher security, stability, and performance compared to wireless connections.
  - All MGA authenticated wireless networks must use WPA2-Enterprise or WPA3-Enterprise encryption and strong authentication methods to protect data confidentiality and integrity.
- Network Segmentation & Specialized Environments
  - Personally owned devices, Internet of Things (IoT) devices, and vendor or contractor equipment must only connect through segmented networks authorized by the Office of Technology Resources (OTR).
  - A dedicated, segmented VLAN is provided for academic instruction involving tools or activities prohibited on the production network. Faculty oversight and prior OTR approval are required before use. The VLAN must remain completely isolated and must never bridge or connect to the production network under any circumstances.
- Compliance & Special Cases
  - OTR-approved credit card terminals and their encrypted payment traffic may traverse the MGA wired network; however, credit card payment data must never use the wireless network, in order to maintain security and PCI DSS compliance.
5.0 Enforcement
Devices or users that fail to comply with this or other MGA policies may have their network access limited, blocked, or disconnected until compliance is restored. Serious or repeated violations can result in permanent restrictions and referral to the appropriate disciplinary authorities. These measures are necessary to protect the security and integrity of MGA’s network and to ensure compliance with USG and regulatory requirements.
Any request for a waiver to this policy must include a documented risk assessment and proposed compensating controls. Waivers require CIO approval, must be formally documented, and must be reviewed annually to ensure continued risk mitigation and compliance with institutional and USG standards.
6.0 Definitions
Internet of Things (IoT) Device - Network-connected devices other than traditional computers or phones, such as smart cameras, sensors, printers, or appliances.
PCI DSS Compliance - Adherence to the Payment Card Industry Data Security Standard, which governs the secure handling of credit card data.
Personally Owned Device (POD) - Any device not owned or managed by MGA, including laptops, smartphones, and tablets belonging to students, faculty, or staff.
Segmented Network - A logically or physically separated portion of the network designed to isolate specific devices or traffic for security and compliance purposes.
VLAN - A logical subdivision of a physical network that isolates traffic for security, performance, or compliance purposes.
Endpoint - Endpoint devices can include, but are not limited to, PCs, laptops, smart phones, tablets and specialized equipment such as bar code readers or point of sale (POS) terminals.