Requirements
The following are the minimum security requirements that must be followed for each DCL.
UM Data Classification System |
|||
---|---|---|---|
Workstations (Desktops & Laptops) |
|||
Systems Management | |||
Level 1: Systems must be managed by an IT pro and placed in their appropriate AD (Active Directory) container and tier, from which they inherit the appropriate security policies based on their role (e.g., local firewall management, system security settings). Operating system and application services security patches are installed expeditiously (e.g., within 30 days) and in a manner consistent with change management procedures. Products that no longer receive security updates from the vendor are not authorized. Workstations must not be configured as servers. Administrator passwords must meet the Password Standard. |
Level 2: Must comply with DCL1 requirements. |
Level 3: Must comply with DCL1 and DCL2 requirements. Must have logging enabled according to the University standard. Workstations that hold DCL3 data must be encrypted. University-issued workstations must be encrypted using software/services authorized or provided by the central IT department. (See Encryption Standard) |
Level 4: Must comply with DCL1, DCL2 and DCL3 requirements. Workstations that hold DCL4 data must be encrypted. University-issued workstations must be encrypted using software/services authorized or provided by the central IT department. (See Encryption Standard) |
Network & Remote Access Security | |||
Levels 1-3: Central IT departments and system administrators must ensure adherence to the Network Security Standard. Automatic joining to unknown or untrusted networks should be turned off. Devices should not be used as hotspots/access points for other devices. University business must not be conducted on public/unsecured wireless networks (e.g., coffee shop Wi-Fi networks) except through the use of VPN or other secure remote access services as provided or authorized by your campus IT department. |
Level 4: Must comply with DCL1, DCL2 and DCL3 requirements. To remotely access systems containing DCL4 data, the remote connection must originate from a university-owned and managed device. No personal devices may be used to remotely access systems containing DCL4 data directly. |
||
Computer Virus Protection | |||
Levels 1-4: University-approved antivirus software must be installed and managed by a centrally supported workstation management tool. Antivirus software must be configured to update signatures daily. |
|||
Physical Security | |||
Levels 1-4: Computer screens must be locked when unattended. Automatic screensaver lock must not exceed 15 minutes. Desktop computers must be reasonably physically and logically secured when unattended. Computers stationed in public areas (i.e., kiosks), must be physically attache |