...
As part of a college-wide communication sent on May 9, 2024, CNS OIT announced that a project to enroll networked computers is underway. Security policies for device configuration and management state UT business must be performed using computers enrolled in the central EPM platform and administered by trained IT staff. Additionally, IT staff must be able to prove all devices meet minimum security standards. CNS OIT is taking proactive steps to minimize hinderances to productivity that may be imposed by future quarantines while becoming compliant with policy. These policies exist not only due to state and federal regulations, but also to protect UT from cyberattacks and security risks that threaten our ability to carry out UT’s mission.
Auditors have found that devices connected to the network— and specifically, computers— are one of the largest security risks we have. To address this risk, the Endpoint Management (EPM) Centralization and Standardization Program was created and its use written into policy at the direction of the President of The University of Texas at Austin, the Executive Vice President and Provost, and the Information Security Office.
Enforcement of these policies is increasing and campus the Information Security Office may begin taking drastic measures including locking EIDs, quarantining devices from the UT network, or blocking devices from accessing UT services. We aim to address compliance before such methods are used.
...
Establish an inventory of computers connected to CNS UT networks.
Enroll all UT-owned computers in central EPM and/or take all measures required to make each UT-owned computer compliant with UT policies while maintaining the ability to perform required functions.
Understand the use of personal computers for UT business, and use that understanding to collaborate with Dean Vanden Bout and CNS leadership to identify options for addressing the use of personal computers.
| Panel | ||
|---|---|---|
| ||
CNS OIT's role in achieving the vision of CNS is to transform technology from a hinderance into a facilitator. With comprehensive knowledge of policy and technology, we aim to mitigate constraints imposed by compliance to enable our faculty, staff, and researchers as they drive community, discovery, and impact at scale. |
What does this look like?
Current Effort
Two stages comprise the current effort:
Stage 1: Inventory Identification of all Networked Devices
...
What does this look like?
Current Effort
Two stages comprise the current effort:
Stage 1: Inventory Identification of all Networked Devices
CNS OIT technicians are going door-to-door through CNS buildings to identify devices connected to the UT network. We’re working with building managers to send a message to the building before we begin. If you’re not on your building's email list, we recommend reaching out to your building manager.
...
Identify any devices connected to the UT network and record hardware and contact information. This includes (but isn't limited to) computers, printers, sensors, firewalls, local switches, networked instruments, and AV equipment.
Assess the state of computers by reviewing inventory information and discussing with the device owner. For research labs, this is the PI or a lab member they identify. CNS OIT techs will ask questions that help determine the compatibility between the computer's required functions and management.
For computers already enrolled in management, CNS OIT techs will check the status of data backups using CrashPlan and help configure backups if neededat the descresion of the device owner.
Forcing enrollment or addressing a computer will not occur without proper assessment of the device and discussion with the owner.
Stage 2: Addressing UT-Owned Computers
...
All UT-owned computers must fall into one of the following categories to be considered compliant:
...
Using the information from Stage 1 and through discussions with the device owner, a plan will be made to identify what actions need to take place. Then, steps will be taken to address the computer and make it compliant. No steps to address a computer will be made without approval from the device owner.
Going forward
Once CNS OIT has completed inventory identification (described under Stage 1 above) in a building:
...
If an IT device will connect to the network (e.g. computer, printer, WiFi-connected sensorswired or wireless), it must be vetted by CNS OIT prior to purchase and all computers must also be delivered to CNS OIT to enroll into management. This is defined in IRUSP standard 19.6.
...
Please contact CNS OIT by sending an email to help@cns.utexas.edu. If you don’t have a specific item in mind, CNS OIT can assist . We’re also able to create quotes and assign them and provide customized quotes to your purchasing agent.
...
Network access will be limited to devices that must be on the network. If the device does not need network access to perform work, it is best to leave it disconnected from the wired and wireless network.
Please submit a Network Connectivity request through the CNS OIT Help Form to create a ticket directly with our CNS OIT Network Networking team.
Personal Computers
We are using the basic information collected to identify all possible options to address the use of personal devices for University businessto provide information to leadership so they can make dessions accordingly. In order for us to contact you once options have been identified and before a quarantine goes into affect, we must know about these devices.
We don't yet have a timeline of when a plan will be developed or what that may look like. As options are identified, they'll be communicated to those impacted. At this time, we're also not sure how that communication will be sent.
If you will be onboarding new staff who typically supply their own computer (such as graduate students, TAs, and undergraduate research assistants), please contact CNS OIT so we can assist with identifying options to address your need.
...