University of Minnesota Duluth
 
 
Information Technology Systems and Services.

Procedures for UMD Desktop, Laptop, and Device Management

May 20, 2014

The purpose of these procedures is to describe special requirements for end-user device management that apply on the UMD campus. The focus of these guidelines is desktop computers, laptop computers, or devices such as tablets or smart phones. Requirements apply to all University-owned equipment as well as personally-owned equipment used to access University data.

All who use such devices must comply with the University of Minnesota Security Policies and Information Security Standards. UMD Information Technology Systems and Services (ITSS) will provide oversight and assistance for the entire campus.

In the event that it is impossible for some policy or standard to be implemented, the unit must request a risk assessment from University Information Security, who will document the exception. ITSS will ensure that such a risk assessment is completed and will monitor for compliance.

ITSS provides an Active Directory service for Windows devices that applies appropriate configuration and management automatically. All end users with Windows devices are strongly encouraged to use this service. ITSS is developing a similar service, Casper, for Macintosh devices. Using these services will move the compliance burden from the individual user to ITSS.

Data Security Classification

The first thing an end user must do is to review the types of data stored on each device used.

Procedures for managing devices will vary depending upon the classification of the data stored on the device. End users must review the Policy on Data Security Classification as well as the accompanying Appendix on Identifying Security Level.

Devices that store private highly-restricted data must be given extra security, and end users of such systems must work closely with ITSS to ensure this. Special requirements for such devices are spelled out in the sections below. In particular, mobile devices used by those in the Health Care Component

Authentication

All devices must comply with the authentication requirements outlined in Basic Security for Computers and Other Electronic Devices, a set of procedures associated with the Policy on Securing Private Data, Computers, and Other Electronic Devices.

Configuration

All devices must comply with the configuration requirements outlined in Basic Security for Computers and Other Electronic Devices, a set of procedures associated with the Policy on Securing Private Data, Computers, and Other Electronic Devices.

Devices that access private highly-restricted data must be managed by ITSS to meet the Enhanced Configuration requirements outlined in Enhanced Security for Computers and Other Electronic Devices, a set of procedures associated with the Policy on Securing Private Data, Computers, and Other Electronic Devices. An Information Security Standard on patching is in development.

Device Registration, Inventory, and Deregistration

UMD ITSS is responsible for maintaining a list of all devices that access private highly-restricted data. All users of such devices must register them with ITSS. ITSS will do an annual survey to ask for device information.

For devices not reported in the annual survey and accessing private highly-restricted data, please email the ITSS Help Desk (helpdesk@d.umn.edu) to provide registration information. Similarly, send email when you are planning to transfer or dispose of such a device.

Units are responsible for keeping a complete inventory of devices that access business data. Devices that access private highly-restricted data must be designated in the inventory. Units must designate an individual to work with ITSS to ensure these devices are managed properly.

Encryption of Laptops and Portable Devices

Devices that access private highly-restricted data must be encrypted by ITSS to meet the Enhanced Configuration requirements outlined in Enhanced Security for Computers and Other Electronic Devices, a set of procedures associated with the Policy on Securing Private Data, Computers, and Other Electronic Devices.

Devices must also meet the End User Device Encryption Standard.

Firewalls

All devices must comply with the firewall requirements outlined in Basic Security for Computers and Other Electronic Devices, a set of procedures associated with the Policy on Securing Private Data, Computers, and Other Electronic Devices.

Devices must employ device firewalls and, in some instances, network firewalls that meet the device firewall and network firewall standards.

ITSS will provide specialized network firewalls for devices that access private highly-restricted data.

Management

Devices that access private highly-restricted data must be managed by ITSS to meet the Information Technology Support requirements outlined in Enhanced Security for Computers and Other Electronic Devices, a set of procedures associated with the Policy on Securing Private Data, Computers, and Other Electronic Devices. An Information Security Standard on patching is in development.

Devices must also meet the Management of End User Device Standard, the Operating System Access Control Standard, and the User Administrative Privilege Standard.

ITSS provides an Active Directory service for Windows devices that applies appropriate configuration and management automatically. All end users with Windows devices are strongly encouraged to use this service. ITSS is developing a similar service for Macintosh devices.

In order for ITSS to manage these devices effectively, it is imperative that devices be registered as described in a previous section.

Media Sanitization

Users of end-user devices must follow the Media Sanitization Standard before a device can be recycled, sold, or returned to the vendor. See also the Secure Data Deletion and Secure Disposal of Equipment section of Enhanced Security for Computers and Other Electronic Devices, a set of procedures associated with the Policy on Securing Private Data, Computers, and Other Electronic Devices.

ITSS can sanitize and dispose of devices for UMD units. Devices that hold private highly-restricted data must be disposed of through ITSS.

Personal Mobile Devices

Those who use personal mobile devices for University business must follow the Guidelines for Use of Personal Mobile Devices for University Business including PHI. Those employees designated as part of the Health Care Component of the University must also comply with Google Apps for AHC and HCC.

Physical Security

Devices that access private highly-restricted data must meet the Physical Security requirements outlined in Enhanced Security for Computers and Other Electronic Devices, a set of procedures associated with the Policy on Securing Private Data, Computers, and Other Electronic Devices.

Devices storing private University data that are lost or stolen must be reported immediately according to the Policy on Reporting and Notifying Individuals of Security Breaches. Please notify the ITSS Help Desk (helpdesk@d.umn.edu) to begin this process.

Security Patches

All devices must comply with the security patch requirements outlined in Basic Security for Computers and Other Electronic Devices, a set of procedures associated with the Policy on Securing Private Data, Computers, and Other Electronic Devices.

Technical Vulnerability Management

All devices must comply with the Technical Vulnerability Management - University Community Member Standard.

Virus/Malware Protection

All devices must comply with the anti-virus protection requirements outlined in Basic Security for Computers and Other Electronic Devices, a set of procedures associated with the Policy on Securing Private Data, Computers, and Other Electronic Devices.

All devices must comply with the Virus/Malware Protection Standard by ensuring that anti-virus software is installed and running. Devices that access private highly-restricted data must have anti-virus logs managed as well.

Resources

Securing Private Data, Computers, and Other Electronic Devices

Data Security Classification

Identifying Security Level

Security Policies

Information Security Standards


Last modified on 05/20/14 10:57 AM