Minimum Security for Endpoints

StandardsWhat to doLow Risk SystemModerate Risk SystemHigh Risk System
Operating SystemMaintain current supported version as designated by UIS configuration managementXXX
PatchingApply security patches within 48 hours if any vulnerability is present that meets these conditons:
  • CVSS > 7
  • Tenable > 3
  • Vendor “Critical”
  • Exploitable via remote action
Whole Disk EncryptionEnable FileVault2 for Mac, BitLocker for Windows.XXX
Malware ProtectionInstall Endpoint Defense Management agents (Crowdstrike Falcon, Tenable)XXX
Centralized LoggingForward logs to UIS Splunk.XXX
BackupsBack up user data at least daily. University IT Code42 CrashPlan is recommended (option to set personal password). Encrypt backup data in transit and at rest. XX
InventoryReview and update asset assignment records regularly.XXX
Configuration ManagementInstall configuration management agents as appropriate (Tanium/Jamf/Intune, etc)XXX
Regulated Data Security ControlsImplement PCI DSS, HIPAA, or export controls as applicable.not permissible  not permissibleX