An endpoint is defined as any laptop, desktop, or mobile device.
1. Determine the risk level by reviewing the data, server and application risk classification examples and selecting the highest applicable risk designation across all. For example, a endpoint storing Low Risk data but accessing a High Risk application should be designated as High Risk.
2. Follow the minimum security standards in the table below to safeguard your endpoints.
| STANDARDS |
FREE OF CHARGE |
RECURRING TASK |
WHAT TO DO |
LOW |
MEDIUM |
HIGH |
| PATCHING |
✓
|
✓
|
Apply security patches within seven days of publish. Use a supported OS version. |
✓
|
✓
|
✓
|
| WHOLE DISK ENCRYPTION |
✓
|
|
Enable FileVault2 for Mac through Self Service, BitLocker for Windows. Install MDM on mobile devices. |
✓
|
✓
|
✓
|
| MALWARE PROTECTION |
✓
|
|
Install antivirus (Cortex by Palo Alto recommended). |
✓
|
✓
|
✓
|
| BACKUPS |
✓
|
|
Backup user data at least daily. NSave CrashPlan PROe is recommended for all University Endpoints. |
✓
|
✓
|
✓
|
| CONFIGURATION MANAGEMENT |
✓
|
|
Install Casper Suite or SCCM. |
Recommended |
Recommended |
✓
|
| REGULATED DATA SECURITY CONTROLS |
✓
|
|
Implement PCI DSS, HIPAA, or export controls as applicable. |
|
|
✓
|
| FIREWALL |
✓
|
|
Enable local firewall in default deny mode and permit minimum necessary services. |
✓
|
✓
|
✓
|
Computing Equipment
Any UNK-provided desktop or portable device or system, or any non-UNK desktop or portable device or system used to access UNK-provided data or services.
Masked number
- A credit card primary account number (PAN) has no more than the first six and the last four digits intact, and
- All other Prohibited or Restricted numbers have only the last four intact. See the entire DSS 3.1 Standard (if you are willing to agree to some terms).
NIST-Approved Encryption
The National Institute of Standards and Technology (NIST), develops and promotes cryptographic standards that enable U.S. Government agencies and others to select cryptographic security functionality for protecting their data. Encryption which meets NIST-approved standards is suitable for use to protect UNK data if the encryption keys are properly managed. In particular, secret cryptographic keys must not be stored or transmitted along with the data they protect. Cryptographic keys have the same data classification as the most sensitive data they protect.
Payment Card Industry Data Security Standards
- The practices used by the credit card industry to protect cardholder data.
- The Payment Card Industry Data Security Standards (PCI DSS) comprise an effective and appropriate security program for systems that store, process, or transmit card payment data. The most recent version of the PCI DSS is available here.
Protected Health Information (PHI)
All individually identifiable information that relates to the health or health care of an individual and is protected under federal or state law. For questions about whether information is considered to be PHI, contact the University Privacy Officer.
Qualified Machine.
A computing device located in a secure UNK facility and with access control protections that meet the Payment Card Industry Data Security Standards.
Student Records Information
Data maintained by UNK and under jurisdiction of the Family Educational Rights and Privacy Act (FERPA) tenets. Student Records include UNK-held student academic transcripts and other related academic records (official and unofficial), and UNK-held records related to:
- academic advising
- health/disability
- academic probation and/or suspension
- conduct (including disciplinary actions)
- Directory information and other biographical and personal data maintained by the Office of the University Registrar and/or other UNK offices.
- Applications for student admission are considered to be Student Records at the point the application has been received and accepted and acknowledged as such by UNK.
