Minimum Security for Endpoints

Standards What to do Low Risk System Moderate Risk System High Risk System
Patching Apply security patches 48 hours:
  • CVSS > 7
  • Qualys > 3
  • Vendor “Critical”
  • Remotely Exploitable
Other patches within 14 days.
Use a supported OS version.
Whole Disk Encryption Enable FileVault2 for Mac, BitLocker for Windows.
Install MDM on mobile devices.
Malware Protection Install Symantec Anti-Virus X X X
Centralized Logging Forward logs to UIS Splunk. X X X
Backups Back up user data at least daily. University IT Code42 CrashPlan is recommended (option to set personal password). Encrypt backup data in transit and at rest. X X
Inventory Review and update Snipe-IT records quarterly. Maximum of one system per record. X X X
Configuration Management Install Tanium Client. X X X
Regulated Data Security Controls Implement PCI DSS, HIPAA, or export controls as applicable. X