Versions Compared

Version Old Version 11 New Version 12
Changes made by

Matt Davidson

Matt Davidson

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Table of Content Zone
minLevel1
maxLevel7
locationtop

Am I expempt from the requirements if I can manage my own computer or do not have confidential data?

All computers used for university business are in scope regardless if they contain confidential data or not per the policy. While there are many tallented technical folk in the college, we must be able to show auditors compliance is met real time and act quickly in the event of an attack on the university. We are unable to do either if the computer is not enrolled in endpoint management.

What will be different after my computer is enrolled?

...

Operating system and application security updates

As defined in Minimum Security Standard 4.5.2 for Systems: “Operating system and application services security patches are installed expediently (e.g., 30-days) and in a manner consistent with change management procedures. Products that no longer receive security updates from the vendor (e.g

...

.

...

For specifics about what types of updates are installed and which applications are updated by EPM, please see the FAQ “What updates are done by management?"

...

, unsupported) are not authorized.”

Operating Systems:

...

Is my computer compatible with EPM?

Apple computers: Only supported operating systems can be enrolled into endpoint management.

Windows computers:

  • Must be compatible with Windows 11, or compatible with Windows 10 with a replacement plan identified (Windows 10 reaches End of Life in October 2025 and will not be allowed after that date without a temporary ISO approved exception).

Linux computers:

What if my computer isn’t compatible with EPM?

If your computer isn’t compatible with EPM due to a technical business justification, and an exception from management can be requested. More information about exceptions are in the FAQ What qualifies for an exception from management? What does an exception entail?

If incompatibility is due to hardware or software limitations such as not being able to run a supported version of the operating system, there are two main options: taking the computer offline, or purchasing a new computer.

What does an exception entail? CNS OIT will work with the device owner to understand the situation and identify options.

...

  • Situation: The computer is an instrument controller provided by the vendor. Enrolling the computer in management is a violation of the service agreement with the vendor and would cause issues with the software used to control the instrument.

  • Security measures taken to meet compliance: A hardware firewall configured by CNS OIT is installed in front of the computer. The computer is then only able to connect to a select number of devices in the lab, UT Box, CrashPlan, and an IP address range supplied by the vendor used for remote support including updates to the instrument and software.

  • What these measures accomplish: The computer will be less vulnerable to attacks from external sources. If the computer were to become infected or be compromised, it’s ability to infect or other computers on the network or compromise UT data is limited. These are protections that EPM provides through a combination of firewall rules, system configurations, and anti-virus software. The computer is still able to control the instrument and receive support from the vendor. Data can be automatically backed up to a file server, UT Box, or CrashPlan, making it easy to access from another computer for analysis and decreasing the chance of data loss.

...

No. CNS OIT does not look at nor monitor the data anyone has on their computer. The only time we intentionally touch data on a computer is if we are assisting in data recovery or if we are legally required to do so such as during a FOIA request. In these cases, CNS OIT does not open, look at, nor review any files beyond verifying the data is not corrupted. CNS OIT also ensures data storage and transmission is secure and accessible only by those authorized to do so.

There is a zero tollerance policy for this that results in termination if required access is abused.

Inventory Identification

Table of Content Zone
minLevel1
maxLevel7
locationtop

What information are you gathering?

...

What information we’re collecting

...

Collected for UT-owned computers?

...

Collected for personal computers?

...

Why we’re collecting it

...

Why do you need to know how I use my computer?

...

  1. We configure management to minimize disruptions and avoid negative impacts to productivity while adhering to security requirements. The default management configurations are designed based on the average habits and needs of our users, but we evaluate every situation individually.

  2. Troubleshooting is streamlined and a more targeted approach can be taken. We look for patterns based on how a computer is used, and deviations from those patterns help us identify the underlying problem.

  3. UT is required by state law to identify what classification and types of data are stored on or accessed by a device. Knowing how a device is used helps answer this question.

For personal computers, knowing how you use your personal computer for UT business will help us in identifying options as we collaborate with CNS leadership to address the use of personal devices for UT business.

How are you gathering information?

...

CNS OIT technicians may navigate through device settings and use Command Prompt or Terminal to gather specific pieces of information. No changes to settings or configurations is are made during this process.

...

Full-time staff should submit a ticket at https://help.cns.utexas.edu/ requesting a work computer. Tenure-Track faculty should provide funds to address the purchase. Professional track faculty qualify for a university laptop through the Dean’s Instructional Laptop ProgramSee here for additional information.

Will I be required to enroll my personal computer in EPM?

...

Is there a plan to provide UT laptops to researchers that are currently relying on their personal computer?

Not right now. We are still working on identifying options based on the needs identified and in collaboration with CNS leadership.

What about undergraduate researchers working in the lab? What if I have a large number of students involved in research throughout the academic year?

...