The Web Hosting Service has designated hosting platforms that are specifically designed to secure restricted data, as defined by the Office of Cybersecurity.
These platforms are more secure for several reasons:
- They reside on designated restricted data subnets and have more restrictive firewall rules in place. For example: Web-based access to the Administrative Control Panel and Secure FTP publishing are both restricted to the static IP addresses of the developers who require access.
- Individual administrative accounts (Secure FTP, Admin Control Panel, etc.) are supplied to each developer who will require access.
- Additional security software tools are used to monitor the restricted data platforms.
- All sites are required to use certificates and SSL to encrypt server-client data transactions.
- Web applications are segregated. For example: Each application on the Windows/IIS platform has its own application pools and IUSR accounts. This allows for sandboxed applications/processes and highly granular permissions.
Hosting Restricted Data
Hosting restricted data requires special precautions. If your site needs to handle restricted data, you must sign up for a Platinum Service Level account. In addition, before your web hosting account goes into production, a review with Office of CyberSecurity staff and DoIT's Web Hosting team will take place.
- Restricted data platforms are NOT fully PCI compliant for processing credit card data directly, but they offer PCI compliance for storefronts that are one click away from processing the credit card payment.
- UW-Madison departments with E-Commerce needs are directed to use the CashNet service provided by Business Services.