Another tip in a series provided by the Offices of Information Security, Information Systems & Computing and Audit, Compliance & Privacy

Vice President of Information Technology and Chief Information Officer, Tom Murphy, approved a revision of the IT Network Policy. Effective January 1, 2025, the revised policy updates the section covering the use of the upenn.edu domain name space.

In summary, this revision adds four new policy statements, clarifies the applicability and qualification expectations of four of the entity types that are eligible to be assigned a third-level domain, and makes a number of editorial improvements to improve clarity.

Three of the new policy statements formalize long-standing practices:

• The second-level domain, upenn.edu, is reserved for services that Information Systems and Computing runs.
• A third-level domain that begins with the underscore character (“_”) is functionally equivalent to upenn.edu itself due to protocol technical specifications and may not be assigned.
• A third-level domain that becomes non-compliant with the policy must be retired and unassigned within twelve calendar months.
• The fourth new policy statement establishes a “VIP Initiative” as one of the entities that is eligible to be assigned a third-level domain, where specification by any one of the offices of the University President, University Provost, or University Executive Vice President qualify.

These changes will help to make the administration and stewardship of the University’s valuable domain name space more predictable, consistent, and efficient.

Questions regarding the IT Network Policy may be addressed to: Dr. Anita Gelburd, IT Policy Committee Chair, gelburda@upenn.edu.

---

For additional tips, see the One Step Ahead link on the Information Security website: https://isc.upenn.edu/security/news-alerts%23One-Step-Ahead.