| Operating System | Maintain current supported version as designated by UIS configuration management | X | X | X |
| Patching | Apply security patches within 48 hours if any vulnerability is present that meets these conditons: - CVSS > 7
- Tenable > 3
- Vendor “Critical”
- Exploitable via remote action
| X | X | X |
| Whole Disk Encryption | Enable FileVault2 for Mac, BitLocker for Windows. | X | X | X |
| Malware Protection | Install Endpoint Defense Management agents (Crowdstrike Falcon, Tenable) | X | X | X |
| Centralized Logging | Forward logs to UIS Splunk. | X | X | X |
| Backups | Back up user data at least daily. University IT Code42 CrashPlan is recommended (option to set personal password). Encrypt backup data in transit and at rest. | | X | X |
| Inventory | Review and update asset assignment records regularly. | X | X | X |
| Configuration Management | Install configuration management agents as appropriate (Tanium/Jamf/Intune, etc) | X | X | X |
| Regulated Data Security Controls | Implement PCI DSS, HIPAA, or export controls as applicable. | not permissible | not permissible | X |
