7.20.08 Network Connection of Surveillance Equipment |
 Printable Version |
Approved on: 09/03/2003
By: Administrative Council
Effective Date: 09/03/2003
Policy Summary
Connection of IP addressable cameras and digital video-recorder systems used for surveillance to the Georgia State University network (either through direct copper/fiber wiring or indirect 802.X technology) must be approved by the University Information Security Officer (ISO) and IS&T prior to being placed in operation.
Applicability/Eligibility
Students
Faculty
Staff
Administration of Policy
Mandating Authority:
Administrative Council
Responsible Office(s):
Information Systems and Technology, 13th floor, Commerce Building, 3-4357
Responsible Executive(s): AP for Information Systems and Technology
| Position Title | Campus Location | Phone Number and/or E-mail Address |
|---|---|---|
| Information Systems and Technology | 13th Floor, Commerce Bldg. | 404-413-4357 |
Full Policy Text
The
Rationale or Purpose
Increased attention to security and protection of human and physical resources around the Georgia State University campus has resulted in the need for quickly deployed and easily maintained security and surveillance systems. Digital recording devices and digital monitoring devices provide a very cost effective solution and are readily available. However, placing these devices on the data network without proper information security consideration or configuration could result in access to the system or to information being collected on the system by unauthorized users. This is particularly critical for systems that are either protecting valuable resources or for systems that may collect evidentiary information for future prosecution of suspects. In order to ensure systems are being accessed only by the minimum persons required, equipment and software must be reviewed by the ISO and network staff to determine if the requested system can be secured, methods that can be used to access the system from on and off campus, and potential impact on network traffic when the system is placed in service.
Policy History
None
Cross References
None
Additional Information
Standards
Denial of Access. IP addressable cameras and IP addressable digital video recorders (DVR) (associated with either analog or digital cameras) making a physical or 802.X connection to the university network infrastructure must allow for denial of access by other than those users specifically included in a system Access Control List (ACL).
Access through VPN. All access to IP addressable cameras and associated digital recorders used for security and surveillance from other than physical connections to the campus network will be accomplished through the centrally managed Virtual Private Network (VPN).
Audit Reporting of Accesses. Digital video recorders used to collect and store identifiable personal images should be configurable to allow audit reporting of accesses to the recorder.
Evidentiary Documentation. Digital video recorders used to collect and store identifiable personal images should include technology for "watermarking" of files in order to be suitable for evidentiary documentation.
Systems Accesses by Georgia State Policy Personnel. Security and surveillance camera systems that are intended to be accessed by Georgia State University police personnel will comply with the following technical specifications:
- Allow for simultaneous viewing of live and recorded images
- Store recorded images in MPEG II format
- Include capability for transfer of stored images to external storage media
- Does not require vendor specific/proprietary applications or clients for viewing live or stored images
- Provides seven days of image storage from all connected cameras on the recording device
Additional Helpful Resources
Procedures
None