To help ensure the security of University data, all workstations must be secured according to the standards listed below.
- University-owned workstations must be managed by a centrally supported workstation management tool.
- For workstations running a Windows operating system.
- Workstations must be managed through the University's Active Directory system.
- Each computer object must be joined to the domain and be in the appropriate AD container and tier.
- Workstation must have the "Shared Documents" folder disabled.
- The local Administrator account must be renamed, and the guest account must be disabled.
- Basic security settings must be enforced by technical policy.
- Local firewall must be turned on.
- Patching must be enforced.
- Local account passwords must meet the University's standards for length and complexity.
- Security standards should be based on an industry accepted best practice. (NIST, CIS, Microsoft Security Baseline, etc...)
- A University approved antivirus software must be installed and managed by a centrally supported workstation management tool.
- For University owned systems, the department or central IT must keep an inventory including serial number and owner information.
- Users must authenticate to the device using a centrally managed authentication service. They must use a named account, not a generic resource account, for authentication purposes.
- Administrative access to the workstation requires the use of a dedicated administrative account.
- Exceptions to these standards must be approved by the campus ISO and will be reevaluated on a periodic basis.