Baseline Security Standards
ITS Security Baseline Security Standards for Enterprise/Sponsored Equipment
- System will need to be security vetted for the information being processed
- Administered by an authorized named individual
- Remains under positive control by administrator
- Does not jeopardize or interfere with other systems or data
- All devices and equipment will be evaluated for security posture similar to all other university equipment on the network
Hardening requirements:
- Default usernames and passwords changed and meet W&L password standards
- Protected against unauthorized access
- Unneeded or insecure network services must be disabled
- Operating system, firmware, and software must be kept up to date
- Segmentation, isolation, and communication protocols will be scoped to minimum necessary
- Deprecated or unsupported hardware must be replaced or compensating controls approved by CISO or CIO must be implemented
ITS Security Baseline Security Standards for Personal Equipment
- There are no guarantees devices will function on the university network
- Administered by a named individual
- Protected against unauthorized access
- Does not jeopardize other systems or data
- Remains under positive control by owner
- All devices and equipment may be evaluated for security posture similar to all other university equipment on the network
- Network communications are restricted to outbound only