Policy ACAF-IT-014

Responsible University Administrator: Vice President for Academic Affairs
Responsible Officer: Chief Information Officer
Origination Date: N/A
Current Revision Date: 02/19/13
Next Review Date: 02/19/17
End of Policy Date: N/A
Policy Number: ACAF-IT-014
Status: Effective

 

SECURE NETWORK INFRASTRUCTURE POLICY


 


Policy Statement


Protection of the network infrastructure at the University of Southern Miss is necessary in order to assist the university in effectively achieving its mission of teaching, learning, research, and public service.


Reason for Policy/Purpose


This policy is required for the effective communication of university policies that protect the network infrastructure.  


Who Needs to Know This Policy


All users of The University of Southern Mississippi information technology resources.


Website Address for this Policy


www.usm.edu/institutional-policies/policy-ACAF-IT-014

 


Definitions


 

Users: include, but are not limited to, all students, staff, subcontractors, visitors, visiting scholars, potential students, research associates, grant and contract support personnel, media representatives, guest speakers, and non-university entities granted access to the University of Southern Miss's information technology resources.

Position of authority for information technology: Chief Information Officer or the CIO’s delegate.

Policy/Procedures


 

1.0  All "users" are required to be familiar with and comply with this policy.

 

2.0 GENERAL

 

2.1 The entire infrastructure of each campus or institute will be the responsibility of the position of authority for information technology at each respective teaching site, department, or area.

 

2.2  All network infrastructure components shall be maintained at a reasonable operational and secure level. Components that are older and have out-of-date revision levels are a high security risk and operate at a suboptimal level. The position of authority for information technology at the respective teaching site, department, or area shall develop a plan that meets the needs of each respective campus or institute for maintaining a reasonably modern level of these components. An equipment refresh cycle shall be developed by the position of authority for information technology in conjunction with the lead financial entity at the respective campus or institute that is in accordance with industry standards related to the end-of-life timeframes of network infrastructure components.

 

2.3  This policy will cover all wiring and electronic devices from the wall outlet inward to the campus or institute core network. In addition, certain devices outside the wall-outlet-to-core region, including all university subscribed services (e.g., dial-in servers, DSL, and cable modems), are also subject to this policy.

 

2.4  Wireless networks are an important part of the network infrastructure and have specific security requirements. These requirements are to be defined in the UNIVERSITY OF SOUTHERN MISS INFORMATION TECHNOLOGY WIRELESS POLICY (www.usm.edu/institutional-policies/policy-acaf-it-023).

 

2.5  A customized network infrastructure plan that defines technical, operational, and security elements will be presented, maintained, and updated prior to each major upgrade of the network infrastructure. This plan will serve as the blueprint for planning and budget purposes.

 

2.6  A disaster recovery and emergency response plan shall be in place for all critical elements of the network infrastructure for each campus or institute. The development of the plan shall include input from the information custodians and the lead financial entities at each campus or institute.

 

2.7  This policy applies to all planning for facility construction projects involving network infrastructure components, whether new facilities or remodeling of existing facilities. The position of authority for information technology at the respective campus or institute shall be consulted concerning specific network infrastructure requirements in all cases.

 

3.0  NETWORK WIRING

 

3.1  Due to the sensitive nature of the wiring required for information technology, installation and maintenance of all wiring are the sole responsibility of the information technology entity at each respective campus or institute. Wiring will not be installed by divisional faculty, staff, or students. Wiring will not be installed by third party contractors hired by a unit without the express consent of, and under the direct supervision of, the position of authority for information technology at each respective campus or institute.

 

3.2  For all existing data communication closets, use of this space must be dedicated to data communications, monitoring, telephone equipment and electrical panels (when they are already installed) given the critical nature and physical security protection requirements of the equipment located in this space. The space must not be used for housekeeping, storage space, or for any other use. Dedicated, secure communications closets are critical to the physical security of the campus or institute network.

 

3.3  Locks will be unique for data communications closets to discourage other use of this space and to discourage unauthorized personnel from making wiring changes.

 

3.4  It is the responsibility of the teaching site, college, or department to provide appropriate space for the data communications closet in the design for any new building and renovations of existing facilities.

 

3.5  All new wiring installations, including those involved in renovation of building(s), must adhere to low voltage industry standards as specified in the wiring standards and practices including, but not limited to, those shown in the Southern Miss Cabling Standards document.

 

4.0  MONITORING, MAINTENANCE, AND REPAIR OF DEFECTIVE COMPONENTS

 

4.1 The position of authority for information technology at each respective teaching site, department, or area will monitor all active network infrastructure components. This will allow for quick problem detection and repair or replacement of failing devices as well as review of potential security incidents. This also includes the monitoring and removal of any and all non-approved equipment that is inappropriately connected to the Southern Miss network and the unauthorized use of University resources (e.g., network bandwidth, electricity, etc.).

 

4.2 After-hours access to data communications closets must be provided to selected information technology personnel so that failing components can be quickly repaired or replaced and/or resolution of security incidents can be expedited. A defined plan created by the position of authority for information technology at each teaching site, department, or area for spare components shall be in place for all critical components of the network infrastructure.

 

4.3 All network infrastructure devices shall be maintained at the most recent stable code levels that provide the highest required level of security. The position of authority for information technology at the respective campus or institute shall be consulted if assistance is required to determine the appropriate code level for infrastructure devices.

4.4 There shall be a pre-determined maintenance window established for all network infrastructure devices that provides sufficient time on a regular basis to maintain the hardware and software updates.

 

5.0  RELATED SERVICES 

 

5.1  The university iTech will control IP address management. This will be done via Dynamic Host Configuration Protocol (DHCP), with static Internet Protocol (IP) addresses assigned as necessary.

 

5.2  The university iTech will control Domain Name System (DNS) management.

 

5.3  The university iTech will try to accommodate all requests for special network topologies that are needed for research, teaching or service. 

 

6.0 NETWORK INFRASTRUCTURE DEVICE CONTROL

 

6.1  All network infrastructure devices shall have logging capabilities enabled to record all access attempts, both successful and unsuccessful.

 

6.2  All network infrastructure devices shall have a secure password methodology for access. All network infrastructure devices must be designed, tested and controlled to prevent the retrieval of stored passwords.

 

6.3  All network infrastructure devices shall be restricted to secure communications protocols for administrative and/or maintenance access. In cases where insecure protocols must be used, compensating controls must be in place and documented. The Technology Security Officer shall be consulted if assistance is required to determine the appropriate compensating controls for access to infrastructure devices.

 

6.4  All back-ups for network infrastructure devices must be secured at the same level as the primary device.

 

7.0  ENFORCEMENT

 

7.1 Faculty, Staff, and Students: Any faculty, staff, or student found to have violated this policy may be subject to disciplinary action, up to and including suspension, expulsion, and/or termination of employment in accordance with procedures defined by USM administrative policies stated in the handbook governing that individual.

 

7.2  External Entities: Any external entity, contractor, consultant, or temporary worker found to have violated this policy may be held in breach of contract, and as such, may be subject to grievances or penalties allowed by such contract.

 


Review


The Chief Information Officer is responsible for the review of this policy every four years (or whenever circumstances require immediate review).

 


Forms/Instructions


N/A 

 


Appendices


Southern Miss Cabling Standards document 

 


Related Information


N/A 

 


History


Amendments: Month, Day, Year – summary of changes

  1. 04/23/08 : Posted to website.
  2. 09/04/08 : Added hyperlink to “CablingStdsv1.doc.”
  3. 11/01/11: Formatted for Institutional Policies website.
  4. 02/19/13: Formatted for template. Renumbered policy section. Linked “cablingStdsv1.doc” added as Appendix.

APPENDIX: USM CABLING STANDARDS

 

 

THE UNIVERSITY OF SOUTHERN MISSISSIPPI

 

CABLING STANDARDS

 

CABLING STANDARDS

A.     General

B.     Instructions

C.     Communication/Data Closets’ General Description

D.     Grounding:

E.     Equipment Listing and Specifications:

1.     Fire code compliance

2       Wireless Network Access

3.     System components shall be the following part numbers.

F.     Wiring Schedule - FIPS pub standard 568B

1.     RJ-45 modular data jack

G.     Installation Guidelines and Documentation

1.     Cable Routing

2.     As-built documentation

3.     EMI sources

4.     Fire stopping

H.     Certification, Testing, and Acceptance

1.     Twisted pair media

2.     Warranty

3.     Acceptance by Owner

I       Figures

1       Typical Work Area Outlet

2       Typical MDF Equipment Rack design

3       Typical IDF Equipment Rack design

4       Typical office space cabling design

5       Typical class room cabling design

6       Typical conference room cabling design

7       Typical Computer Lab Equipment Rack design

8       Typical Computer Lab cabling design

 

 

A.        General

 

1.         These specifications describe the minimum requirements that must be met by the data contractor for all work as specified hereunder for the furnishing and installation of the Computer and Data Cabling System left in ready condition for equipment installation.

 

B.        Instructions

 

Applicable requirements listed under paragraphs titled “Raceways and Fittings” and “Boxes and Fittings” shall apply and are available at the University’s Physical Plant Department.  Scope of work required for Data Cable Installation by the Data Contractor:

 

1.         Verify telephone and computer requirements with USM itech planning department before installation.  Assume responsibility for failure to do so.  Report any recommendation for changes to USM itech planning department.

 

2.         Conduit with cable, cable tray system with cable, J-Hook systems with cable, bushings, boxes, backboards, plates, jacks, patch panels, cable management, shelving frames, hardware and terminations per these specifications and as shown on the drawings.

 

3.         Backboards sized as shown on the drawings of 3/4" fire retardant plywood, long dimension vertical, and painted with two (2) coats on all six sides of good quality white fire retardant paint.  Backboard assemblies shall be fire retardant.  Each backboard shall have a duplex emergency receptacle properly located and connected to a dedicated circuit.  Entire communication room walls shall be covered with backboards as noted above.

 

4.         Each backboard or rack shall have a #6 solid, insulated wire installed.  Ground wire shall originate from the service equipment ground and shall be installed in 3/4" conduit.  Bond conduit to grounding conductor at all wire exit points and install bushing.  Bonding conductor may be installed from backboard to backboard.

 

5.         Provide main distribution frame (MDF) and intermediate distribution frame (IDF) for equipment and wiring in riser closets for Data Structured Cabling System.

 

6.         No UTP data cables shall be longer than 90 meters from the MDF or IDF to the workstation.

 

7.         Coordinate rack layouts in MDF and IDF with the iTech planning department.

 

8.         All station cables to have a minimum of 25 feet of slack at MDF or IDF measured from point of entrance.  Included in termination, 8ft of slack should be left in MDF or IDF.  Slack storage shall be in ceiling with service loops in ceiling above, if not applicable then in overhead ladder rack in a standard and organized manner.

 

9.         All cables shall be plenum rated.  Specifications are outlined in section 3 of this document.

 

10.       Provide 2 each Category 6 augment Green patch cords for each data station (one at workstation and one in MDF or IDF), one shall be 4 feet long and the other shall be 7 feet long.

 

11.      Category 6 UTP terminates into a Cat 6 augment patch panel, in each MDF and IDF.  Terminations made with a Krone Punchdown.  Patch panels shall be provided to accommodate each data wire in groups of 24, or 48.  High density panels shall be used as noted on project drawings and in section 3 of this document.

 

12.      Provide a minimum of two cable drops per room, both drops wired with 2-Cat 6 augment cables each.

 

13.     Terminate both ends of Fiber cable as directed by the USM iTech group.

 

14.     Terminate both ends of Telephone cable as directed by the USM iTech group.

 

 

C.        Communication/Data Closets’ General Description

 

1.           There are two types of communication closets: the Main Distribution Frame (MDF), and the Intermediate Distribution Frame (IDF).

 

2.       The MDF contains data wiring, riser fiber, data communication, equipment and associated hardware.

 

3.       The MDF shall also meet the requirements of an IDF.

 

a.       The MDF and IDF shall be provided with the following:

 

(1)      All hardware, electronics, riser connections, and rack layouts will be shown on drawings.  Part numbers and descriptions listed in section 3 of this document.

 

4.           Workstation Requirements:

 

a.            Each workstation cable shall be numbered and identified on both ends of the cable run with a numbering scheme that will be provided on the as built documentation to the iTech planning group.  Each outlet and associated connection at the patch panel shall be uniquely identified on the face of the outlet plate and patch panel with a scheme that shall be provided by USM iTech group.

 

b.           Cables from the MDF or IDF to outlets shall be run continuous with no splices.

 

c.            Each outlet box for data workstations shall be a deep box. 

 

d.           All data and phone wire shall terminate at a patch panel.

 

e.           All metal plates, boxes, and raceways, etc., shall be grounded.

 

f.            Faceplate style shall be determined by project.  It will be the contractor's responsibility to determine the project requirements.

 

 

D.        Grounding:

 

1.           Ground all systems and equipment in accordance with the N.E.C.

 

2.           All ground connections in the MDF room and IDF rooms shall be made to the ground bar.  The ground bars shall be interconnected to each other with #6 AWG and directly connected to the Main Service ground.

 

3.           Grounding of all communications cable shield shall be in the MDF room.

 

4.           Any wire used for grounding shall not be less than #6 AWG and insulated.

 

5.           All metal panels, enclosures, boxes, racks, raceways, etc., in the MDF room shall be grounded.

 

6.           The MDF and IDF shall each have four dedicated 20A, 120V electrical outlets on separate circuits to accommodate the above requirements.  Other room convenience outlets shall be located at 6 foot intervals around the room.

 

E.        Equipment Listing and Specifications:

 

1.       Fire code compliance

 

All cabling installed in the riser or horizontal shall be of FRD construction and otherwise meet or exceed all local wire codes.

 

All connectors, wiring components, and equipment to be mounted in ceiling air spaces shall meet and be installed in conformance with local codes.

 

2        Wireless Network Access

 

Inclusion of Wireless technology into a building redesign plan will require a certified wireless site survey to be completed.  The design submitted from the survey will outline the access point locations, equipment, and labor to fulfill the project design requirements.  If this is a new construction project, the AP locations will be determined by the University’s IT staff.

 

3.         System components shall be the following part numbers.

 

                                            Description                                                                      Part #

DATA -

23-4P UTP-CMP SOL BC CAT6 10Gig FEP/FRPVC Green Jacket             CMP-00424KRO-10T-04

KRONE 2 Port Faceplate,                                                                               6644-1-152-01

KRONE CAT6 10GIG KM8 Modular Jack, Green                                               6830-1-835-04

         KRONE 24-patch panel CAT6 10Gig Copperten                                             TPMNP-24NC10BK

Krone RJ45 to RJ45, CAT6 10Gig Copperten Green (4 ft.)                             6645-2-845-04

Krone RJ45 to RJ45, CAT6 10Gig Copperten Green (7 ft.)                             6645-2-845-07

 

VOICE -

 

23-4P UTP-CMP SOL BC CAT6 10Gig FEP/FRPVC Green Jacket                     CMP-00424KRO-10T-04

KRONE 2 Port Faceplate,                                                                              6644-1-152-01

Krone 50-pr disconnect Block                                                                       6652-1-880-10

KRONE CAT6 10GIG KM8 Modular Jack, Green                                              6830-1-835-04

48 port high density telco patch panel                                                         OR-808004042

 

MISCELLANEOUS EQUIPMENT -

Chatsworth 19”x84” Black Rack                                             55053-703

CPI Vertical Cable Mgt (side)                                                 CPI 14830-703

CPI Horizontal Cable Mgt.                                                     CPI 30530-719

Panduit Velcro 15’ roll Black                                                   HLS-15R0

Erico J-hook                                                                            CAT21

Erico J-hook                                                                            CAT32

Erico J-hook                                                                            CAT425

Erico J-hook                                                                            CAT214Z34-EA

            (Tripplite Model 1400RM or comparable).

 

Network Equipment

 

            Cisco AP1131 Wireless AP                                                     AIR-AP1131AG-A-K9

            Cisco 6504                                                                             WS-C6504-E

            Cisco 3750-48TS-S                                                                 WS-C3750-48-TS-S

 

******6504 configuration needs to be provided in document prior to bid and are available upon request during bid process through iTech**********

 

Prior approval submittals     

 

 

F.         Wiring Schedule - FIPS pub standard 568B

 

All wiring shall conform to the schedule shown in the following section.

 

1.         RJ-45 modular data jack

 

Eight (8) contact modular jacks (RJ-45) shall be utilized for all data circuits wired as follows:

 

Contact      1    2    3    4    5    6    7    8

Conductor    T2   R2   T3   R1   T1   R3   T4   R4

 

 

 

G.        Installation Guidelines and Documentation

 

1.         Cable Routing

 

Cable runs shall be through common use areas (i.e., corridors, atriums, etc.) not through offices, closets or areas that cause undue disruption to personnel or clients.  In the event this is not possible, deviations from these areas shall be first reviewed with the USM iTech Planning group.  Cabling shall enter and exit the run areas at 90 degree angles.

 

Cable runs shall be in raceways (conduit, cable trays, or J-hooks depending on project plan).

 

All cable runs shall run parallel or perpendicular to corridors to preserve neatness and to minimize interference with structures mounted above the drop ceilings.  Corridor crossovers shall be minimized.

 

All cables run above drop ceilings shall be installed such that they are supported up off of ceiling tiles, using saddle bags, J-Hooks, or conduit.

 

Cables with service loops or additional length specified shall be coiled from 300% to 600% of their recommended minimum bend radius, the coil wire tied, and the tied coil attached to support.  When a coil shall be comprised of cables of more than one virtual channel of communications, then each loop of the coil shall be of varying diameters to ensure there is no inductance of signals from one channel to its neighbor.

 

Cables shall terminate to the patch panels in such a manner that there is logical progression through the patch panel(s) of ports representing adjacent offices or wall plate locations.  This is to ensure that wall plate locations are not randomly scattered across the field.

 

Cable runs shall be free of tension at both ends as well as over the length of the run.

 

Cable runs shall be free from bridges, taps, or splices from the user interface (wall plate) to the Distribution Frame.

 

No cable shall be run exposed.

 

Cables shall be secured with detachable Velcro straps, which should be loosely attached and at random intervals.  Maintain a maximum bend radius of four times the circle diameter, but never exceed a 90 degree turn.  Do not staple.  Do not exceed 25 pounds feet when pulling cable bundles.

 

Cabling Trunk systems shall be constructed out of unistrut and all thread.  A demo of the  unit is available in Forrest County Hall room 207D.   Diagram of proposed trunk layout is provided in the project drawings.  Part specifics are listed in section 3 of this document.  Any deviation from this design must have the signed approval from the USM iTech  group.

 

J-Hooks will be used to enter each room to deliver the cable drop to its specific location.  This solution will enter a room on the immediate right hand side and will follow the wall counterclockwise, dropping off each drop at its specific location.  Diagram of proposed j-hook design is provided in the project drawings.  The part specifics are listed in section 3 of this document.  Any deviation from this design must have the signed approval from the iTech project management owner.

 

2.         As-built documentation

 

The wiring contractor shall provide the following as built documentation, within 30 days of completion and before final payment:

 

a.            Floor plans with cable numbering to each workstation location and cable runs.

 

b.           Frame layout with one-line type drawing of entire system.

 

c.            patch panel cut-sheet hard copy and preferably a database (PC compatible).

 

d.           Cross-connection log hard copy and preferably a database (PC compatible).

 

e.         Cable Certification Test results.

 

3.         EMI sources

 

Cable shall be routed such as to maintain the following minimum distances from power sources:

 

6 inches from power lines of 2 KVA or less

12 inches from high voltage lighting (including fluorescent)

36 inches from power lines of 5 KVA or greater

40 inches from transformers and motors

 

4.         Fire stopping

 

Whenever and wherever it is necessary to pass through a fire-wall or between floors, all such pathways shall be sleeved and fire stopped using Nelson FSP Fire stop Putty or equivalent to reduce the possibility of the spread of fire and smoke.  Any equivalent material must be of such composition as to allow it to be removed for the placement of additional conductors and then be replaced in the sleeved area to resist the spread of fire.  In the case that any cable installation through a breached firewall or floor is to be left incomplete for a period of more than 8 hours, the pathway must be temporarily fire stopped using Nelson PLW Fire stop Pillow or equivalent.

 

All horizontal UTP wiring and fiber optic wiring shall be run in conduit, cable tray and in combination with J-Hooks.

 

In an effort to develop an intelligent number system by which the horizontal cabling may be easily identified, each cable, wall plate, and patch panel and/or punch block shall be marked with a designation developed to the following or similar formula:

 

DF# - Group - Channel

DF# is the Distribution Frame the cable connects to

Group is represented in each frame, by patch panel

Channel reflects the port number on a group

 

 

H.        Certification, Testing, and Acceptance

 

1.         Twisted pair media

 

All tests shall be conducted after all wiring and connectors are terminated from workstation location to equipment room.  Installer shall notify Owner at least 5 days prior to beginning testing.

 

After installation, all horizontal channels shall be tested for continuity, channel documentation, and correct sequence.  Contractor shall certify, by letter, a 100% test.  Before acceptance, Owner, or a third party of their choice, will test a number of channels not to exceed 5% and expect 100% correct operation.  If any channel fails, the contractor will retest that IDF 100% and remedy any problems.  Any cable that does not pass the designated tests will be re-terminated (or replaced) and retested.

 

Wiring configuration shall be tested for continuity, opens, shorts, swaps, and correct pin configuration.  The following tests shall be conducted on each Category 6 circuit: DC loop resistance shall be measured.  Cable length shall be verified with a device manufactured for that purpose.  Mutual capacitance shall be verified on a worst case basis.  Characteristic impedance shall be verified from 1 MHz to 250 MHz for Category 6 cable.  Attenuation shall be verified from 1 MHz to 600 MHz for Category 6 cable.  Near end crosstalk shall be verified from each end of the complete circuit for all pair combinations in the range of 1 MHz to 600 MHz for Category 6 cable.  For Category 6 cable, performance limits shall meet the requirements of EIA 568B-2.  Cable shall be terminated, tested and certified by ADC certified installers.  Tests for attenuation, NEXT, ARC, distance, link, wire map and independence will be provided in two bound and indexed sets of hard copies for review and on CD in standard format.

 

2.       Warranty

 

All passive cabling, components, and workmanship shall be warranted for a period of not less than twenty (10) years from the date of Owner acceptance.  Installer of cabling system shall be certified to the manufacturer issuing the warranty.

 

3.       Acceptance by Owner

 

No payment will be made until acceptance is granted by the iTech planning department.

 

 

I          Figures

 

1                Typical Work Area Outlet

 

 

 

 

 

 

2        Typical MDF Equipment Rack design

 

 

 

3        Typical IDF Equipment Rack design

 

 

 

4        Typical office space cabling design

 

 

5      Typical class room cabling design

 

 

 

6        Typical conference room cabling design

 

 

 

7        Typical Computer Lab Equipment Rack design

 

 

8        Typical Computer Lab cabling design

 

 

 

 

 

 

 

- END OF SECTION USM Cabling standards -