Security Exception (Firewall Rule Change)

University of Alabama at Birmingham (UAB) information security policies, standards, guidelines, and procedures establish controls that are used to protect institutional data and IT Resources.  While any exception to a policy or standard can weaken protection for University IT Resources and data, occasionally exceptions will need to be made for legitimate University reasons.  Information Security Liaisons and Departmental IT partners are responsible for ensuring enforcement of controls, and requesting exceptions to UAB information security policies and standard, and/or reviewing and re-validating the need for the exception with consideration of any appropriate data owner.

In support of the academic, research, and administrative functions of UAB, Information Technology provides fully managed firewall solutions at the campus border with the Internet, within the Data Center environment, and in support of Departmental/Unit networks. Changes in the firewall access policies are necessary to allow external (Internet-wide) access to UAB resources through the border, and could also be made to allow campus or individual access to a particular system or application. All firewall exception requests will require approval by the college or departmental VLAN administrator prior to implementation. Any approved exceptions will be reviewed and re-validated on a yearly basis by the VLAN administrator.