These security procedures apply to both Cornell University staff and consultants.

1. Restricted administrative access and use – Administrative access to and permissions within secure environments requires verification of administrative identity and are granted according to job role and project specifications.
2. Multi-factor authentication is required – Application administrators must use multi-factor authentication (Duo) to access systems. This requirement also applies to external administrators and consultants.
3. Managed Servers – Access to this service is enforced via multi-factor authentication. All application support, development, and system administration must be conducted through these Managed Servers, the only systems permitted to store confidential data, in accordance with defined procedures.
4. Certified Desktop – This service offers a package of IT security tools to safeguard users' data through whole disk encryption, screen locks configured after 15 minutes of inactivity, cloud backup, endpoint detection and response, and confidential data identification.