
Original Issuance Date: February 17, 2022
Effective Date: February

1. Purpose

The purpose of this procedure is to provide a formal structure for the deployment and management of endpoint protection systems and controls used to mitigate Information Security (IS) threats throughout the University of Wisconsin (UW) System.

2. Responsible UW System Officer

Associate Vice President for Information Security

3. Definitions

Please see SYS 1000, Information Security: General Terms and Definitions, for a list of general terms and definitions.

4. Procedures

All endpoint protection software must be actively managed, including ensuring that the endpoint protection software is periodically updated to the latest version and that the associated definition files are updated within 24 hours of release. Anti-malware software must be actively running in a mode that automatically takes corrective action when possible, and must not be capable of being disabled, temporarily or permanently, by end users. All file systems must be scanned periodically for malware. Any endpoint found to be actively infected with malicious and/or unauthorized software that cannot be neutralized by the endpoint's malware protection software must be isolated from the rest of the network until appropriately triaged.

Endpoints with Operating Systems that have reached end-of-life support shall not be permitted to connect to UW's networks. Special-purpose endpoints that cannot be updated to supported Operating Systems may be permitted by the institutional IS Designee to connect to UW's networks if sufficient controls are implemented to segregate the system(s) from the rest of the network.

End user and/or Administrator access on endpoints must be implemented in accordance with the principle of least privilege. Administrator access on workstations shall only be provided to end users who need such access to perform their job functions.

Endpoints must activate a screen lock after 15 minutes of inactivity. Special-purpose endpoints designed for controlling laboratory instrumentation, endpoints designated for public access, and digital signage are exempt from the screen lock requirement if sufficient controls are in place to prevent unauthorized access.

To the extent possible, all endpoints must:
- Have remote access protocols such as RDP and SSH disabled by default. Protocols may be enabled as needed if sufficient controls are in place to prevent unauthorized access.