ITS Security Policy 117 - Education and Training Sandbox Environments

Tags security

Status: TDX Submitted Draft
Last Revision Date: September 14, 2022

Statement of Purpose

In order to facilitate computer science-related instruction at Clackamas Community College, faculty may require specialized environments. These environments, designated as Sandbox Environments, are directly managed by faculty and are exempt from the security controls outlined in the Information Security and Acceptable Use Policies.

To mitigate risks, faculty and Clackamas Community College ITS staff collaborate to create a controlled environment that meets instructional needs while ensuring the security of the broader Clackamas Community College technology infrastructure.

A Sandbox Environment is a self-contained, specialized teaching environment that is fully isolated from the Clackamas Community College network, services, and other institutional resources.

Scope Statement

This policy has a strictly defined scope and applies only to special teaching environments created in partnership between faculty and ITS staff, formally designated as Sandbox Environments.

Policy Summary

Clackamas Community College instructors may use a Sandbox Environment to support curriculum in network administration, information security, software development, and other IT-related fields.

This policy is subject to and superseded by all applicable regulations and laws.

Policy

  1. The Chief Information Security Officer (CISO) must approve the establishment of a Sandbox Environment.

  2. The ITS Security Team shall review and certify Sandbox Environments to ensure proper isolation from production systems and implementation of appropriate security controls to prevent student activities from impacting legitimate college operations.

  3. The Information Security Team shall conduct periodic audits to verify the integrity of Sandbox Environments, including post-modification reviews after significant changes.

  4. Access to Sandbox Environments shall be restricted to computer science students and faculty.

  5. Sandbox Environments shall be used exclusively for course-related activities.

  6. Sandbox Environments shall not be used for illegal activities or any actions involving tracking, monitoring, surveillance, threats, or harassment.

  7. Each Sandbox Environment shall enforce an Acceptable Use Policy (AUP), and all users must formally agree to its terms before access is granted.

  8. A designated physical security steward shall be assigned to each Sandbox Environment.

  9. Computer Science faculty shall ensure compliance with all applicable policies, laws, and regulations and shall report any non-compliance to the Clackamas Community College CIO.

Exemptions

Certified Sandbox Environments are exempt from all other Information Security and Acceptable Use Policies.

Exceptions

Exceptions to this policy must be pre-approved in writing by the Chief Information Officer (CIO).

Print Article