Vendor Requirements

Third-party vendors wishing to work with NSU must attest to the following requirements to help ensure the confidentiality, integrity, and availability of NSU services and data.

User Authentication

  • Single Sign-On (SSO)
    • SAML (v1.1 or v2) or CAS (v1 or v3)
  • BOTH TEST and PROD environments
  • Complete documentation

Data

  • Encryption
    • Both at rest and in transit
    • HTTPS (TLS 1.2+)
    • SFTP
    • Latest ciphers
  • Import / Export
    • Flat file over API (Preferred)
    • Flat file over SFTP

Email

  • If sending as VENDOR
    • Proper email authentication configuration: SPF and DKIM (required)
    • NSU DOES NOT whitelist sending domains (correctly authenticated mail should be delivered without whitelisting)
    • Send with TLS 1.2+
    • CAN-SPAM Act Compliant
  • IF sending as NSU
    • DMARC with sub-domain (emailaddress@vendor.nsuok.edu)
    • Must pass DKIM and SPF
      • DKIM must align with the From domain (RSA-SHA256 with a 2048-bit key)
      • SPF must align with the SMTP MAIL FROM domain
    • Send with TLS 1.2+
    • CAN-SPAM Act Compliant
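The DKIM and SPF alignment rules above, worked through as an added example that is not NSU's or any vendor's code: given the domains a receiver extracts from a message, it reports whether each mechanism aligns with the From domain and whether the message meets NSU's "both must pass" bar. The `AuthResult` record, the `evaluate` helper and the domain names are assumptions, and the organizational-domain logic is simplified (no Public Suffix List).

```python
"""Check DMARC identifier alignment for mail sent on behalf of an NSU sub-domain.
Added example, not NSU's or any vendor's code. Domain names are constructed."""
from dataclasses import dataclass
from typing import Optional


def org_domain(domain: str) -> str:
    """Organizational domain. Simplified (assumption): last two labels; a real
    DMARC evaluator consults the Public Suffix List so that e.g. ac.uk works."""
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def aligned(auth_domain: str, from_domain: str, strict: bool) -> bool:
    """RFC 7489 alignment: strict needs an exact match, relaxed needs the same
    organizational domain (so d=nsuok.edu aligns with From vendor.nsuok.edu)."""
    a, f = auth_domain.lower().rstrip("."), from_domain.lower().rstrip(".")
    return a == f if strict else org_domain(a) == org_domain(f)


@dataclass
class AuthResult:
    header_from: str            # domain of the visible RFC5322.From address
    dkim_d: Optional[str]       # d= of a DKIM signature that verified; None = none
    mail_from: str              # SMTP MAIL FROM (RFC5321.MailFrom) domain
    spf_pass: bool              # SPF result for mail_from
    dkim_strict: bool = False   # DMARC tag adkim=s
    spf_strict: bool = False    # DMARC tag aspf=s


def evaluate(r: AuthResult) -> dict:
    """Report alignment per mechanism, the RFC 7489 DMARC verdict (either
    aligned pass suffices) and NSU's stricter 'both must pass' requirement."""
    dkim_ok = r.dkim_d is not None and aligned(r.dkim_d, r.header_from, r.dkim_strict)
    spf_ok = r.spf_pass and aligned(r.mail_from, r.header_from, r.spf_strict)
    return {"dkim_aligned": dkim_ok, "spf_aligned": spf_ok,
            "dmarc_pass": dkim_ok or spf_ok, "nsu_requirement": dkim_ok and spf_ok}


# Constructed cases: a vendor correctly set up on vendor.nsuok.edu, and the
# same vendor signing and bouncing from its own domain instead.
CORRECT = AuthResult("vendor.nsuok.edu", "vendor.nsuok.edu", "vendor.nsuok.edu", True)
OWN_DOMAIN = AuthResult("vendor.nsuok.edu", "vendor.example", "vendor.example", True)

if __name__ == "__main__":
    for name, case in (("correct", CORRECT), ("own-domain", OWN_DOMAIN)):
        print(name, evaluate(case))
```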

Remote Access

  • Unsupervised access to NSU systems is prohibited
    • NSU ITS will work with the vendor via a recorded Zoom session
  • VPN access WILL NOT be granted to vendors
  • Active Directory access WILL NOT be granted to vendors

Vendor Domains

  • NSU checks domains against ssllabs.com/ssltest (Grade A or better required)
  • NSU checks domains against securityheaders.io (Grade A or better required)

Details

Article ID: 107013
Created: Wed 5/6/20 4:34 PM
Modified: Fri 5/22/20 1:59 PM