CSS Minimum Computer Security Standards

Classroom Support Services Minimum Computer Security Standards

Context and Purpose

These standards are being implemented to help protect CSS computing. Any unprotected computer is at a much greater risk of becoming compromised and is therefore a potential threat to University of Washington and CSS computing resources. The goal is to ensure that all CSS computers are properly managed and protected.

These standards do not replace the UW-established Minimum Computer Security Standards, with which all devices must still comply.

Applicability

CSS Employee Accessing Domain Resource

These standards apply to any device that accesses CSS Domain or Classroom Domain resources via authentication. They do not apply to devices that access domain resources via non-authenticated connections (such as DNS queries).

Devices (Servers, Desktop, and Laptop Computers)

  • Operating System must be configured for auto-patching.
  • Appropriate anti-virus software installed and patched.
  • Be free of local user accounts.
  • Restrict access to authorized users only.
  • Use the Least Privileged Model for all accounts.
  • All accounts must meet password complexity requirements.
  • User login occurs via domain NTLMv2 authentication.
  • Windows Machines must apply the CSS Domain Security Template.
  • Windows Machines must be a member of the appropriate CSS domain and OU.
  • Free of internal or external unauthorized system modifications.
  • Exist in a single boot mode, with other boot options disabled.
  • Devices must be running one of the following operating systems:
    • Windows XP Professional with Service Pack 2.
    • Windows Vista Business, Ultimate or Enterprise.
    • Apple OS X.
    • Debian Linux, latest version.

CSS Employee Accessing Secure Web And Remote Resource

These standards apply to any device that accesses CSS Web and Remote resources via authentication, such as HTTPS, SSH and Remote Desktop. They do not apply to devices that access resources via non-authenticated connections, such as our CSS homepage. The CSS Technical Assistants forum is treated under the same rules as UW e-mail.

Devices (Servers, Desktop, and Laptop Computers)

  • Operating System must be configured for auto-patching and be up to date.
  • Appropriate anti-virus software installed and patched.
  • Restrict access to authorized users only.
  • Use the Least Privileged Model for all accounts.

Non-compliance

Connected devices found to be out of compliance with this standard will be disconnected from CSS resources. Departmentally owned equipment will be modified to restore it to compliance. Efforts to prevent data loss if this occurs will be made on a best-effort basis.