Carnegie Mellon University School of Computer Science
Quick Links: StudentsFacultyStaffSubmit a Ticket
~help  /  web-services  /  SCS Subdomain Policy

SCS Subdomain Policy

Usage guidance and subdomain request and support policy

 

Policy Overview

This policy defines how to request, use, and maintain subdomains under the cs.cmu.edu domain. It governs the domain structure, subdomain request process, usage expectations, and support responsibilities for the School of Computer Science (SCS).

The policy ensures:

  • Consistent use of the SCS brand and identity
  • Compliance with university acceptable use policies
  • Security and stability of the cs.cmu.edu domain infrastructure
  • Intended Audience: Faculty, staff, students and researchers within SCS who manage or request web space or websites.

Decision Rationale

SCS restricts the creation of new subdomains under cs.cmu.edu to maintain a secure, consistent, and unified web presence. Experience has shown that unregulated subdomain growth creates fragmentation, security vulnerabilities, and inconsistent branding. The preferred approach using subdirectories under cs.cmu.edu keeps things simpler, more secure, and helps SCS websites be easier to find and recognize across the university.

Default Guidance: Use a Subdirectory

All SCS websites and online content must use a subdirectory under cs.cmu.edu unless an approved exception applies. The subdirectory structure, also called a “tilde (~) page,” uses the Andrew File System (AFS) to host personal or project directories. AFS project volumes can be requested through the SCS Help Desk.

  • Structure:  Subdirectory (Recommended)
  • Key Benefit: Utilizes SCS’s AFS volume structure while leveraging the relationship to cs.cmu.edu for branding/recognition. It can also be forwarded to a 3rd party host/site via redirection.
  • Format: cs.cmu.edu/~volumename
  • Core CMU/SCS Content: Static, public-facing content, projects, events, and academic unit pages.
  • Access: Native SCS Linux hosts with AFS access or FTP clients such as Fetch.

Subdomain Considerations and Exceptions

Subdomains such as xyz.cs.cmu.edu (fourth-level domains) are treated as separate websites by search engines and require independent maintenance, certificates, and monitoring. Because of this administrative and security overhead, subdomains are approved only under exceptional circumstances.

  • Existing Subdomains: These are grandfathered under prior policies. New subdomains are no longer supported or maintainable going forward and will be approved only under the special circumstances outlined in the Approval Basis section. Over time, existing subdomains may be reviewed for consolidation or retirement.
  • Subdomain (Exception Only): Full 4th level domain for internal CMU-hosted and secure server. Generally not approved. Exceptions would be requests involving school-wide impact or initiatives. Such requests would be considered by the SCS Web Steering Committee.
  • Technical Subdomain (Internal/IT): Full 4th level domain for internal CMU-hosted and secure technical use server. Generally approved for departmental IT, backend or internal use. This type of request is vetted by SCS Computing. If approved, the request will be relayed to CMU Network Operations for creation.
  • Subdomain Redirection (Redirection only): 4th domain redirection to 3rd party host within or outside of CMU. 3rd party destinations insert a number of concerns including security, maintenance and branding/reputational concerns. If approved, request will be vetted and if approved, redirection is handled by SCS Computing.

Approval Basis

Generally, we will not approve subdomains, except for department-level technical use (5th level subdomains), high-visibility and/or SCS Web Steering Committee-approved cross-departamental initiatives. Subdomain approval may be granted due to:

  • Technical Necessity: You must use a non-CMU CMS (e.g., WordPress, GitHub Pages) or require technical isolation.
  • Existing Departmental Domain Structure: A department may request a subdomain under their 4th level domain. Using LTI as an example: newname.lti.cs.cmu.edu.
  • Dean’s Office approved initiative or project: This is a project, initiative or group with school-wide or university-wide significance. These will be evaluated and considered on a case-by-case basis.

Important: If we (SCS) choose to approve a subdomain, its owners are responsible for maintenance, visitor and site security, vulnerability mitigation and content considerations.

Technical Rationale for Restricting Subdomains

The creation of new subdomains has been restricted to protect the SCS domain’s security, reputation, and operational integrity.

  • Security Risks: Every subdomain carries your brand’s trust — if abused or misconfigured, it can be used for phishing, malware, or hijacking (subdomain takeover). Wildcard or unused subdomains expand your attack surface.
  • Technical & Management Problems: Too many subdomains slow DNS performance, complicate SSL/TLS certificate management, and clutter monitoring systems.
  • SEO Damage: Search engines treat subdomains as separate sites, diluting your domain authority.
    Random redirects confuse crawlers and hurt rankings.
  • Brand & Trust Issues: Users lose confidence when subdomains redirect to unrelated or unsafe sites.
    One bad subdomain can tarnish your entire domain’s reputation.
  • Legal/Compliance Risks: Redirecting to external sites can expose you to privacy or liability issues if those sites host problematic content.

Support and Responsibilities

We do not and will not offer redirection using reverse proxy/routing alias configurations that result in visitors believing they are on our website while going elsewhere. We will ONLY offer full or transparent redirection, which takes the user to the destination site (with full address bar visibility of the new site they are on).

SCS Computing and SCS are not responsible for managing or administering third party websites, including those not produced or hosted within our supported CMS. Site owners are responsible for maintaining a secure, accessible and compliant web experience for their visitors. The SCS Dean’s Office, in collaboration with SCS Computing, provides a CMS specifically for department-level sites that represent an official SCS unit. This CMS is not available for individual research groups, labs, or projects. If you manage a department-level site and would like to migrate it to this CMS, contact tcp@cs.cmu.edu. Those responsible for non-departmental sites should use CMS options offered by the University CMS team. More information is available on the Computing Services website.

Request and Review Process

Submit a subdomain or AFS directory request through the SCS Help Desk at help@cs.cmu.edu. SCS Computing reviews for technical need, branding, and policy compliance. If exceptional, the request will be  forwarded to the SCS Web Steering Committee. Approved subdomains must meet ongoing maintenance and security standards.

Sections