...
Content will be moved to: /wiki/spaces/cnsit/pages/134252169 (page for that OS)
Content moved to /wiki/spaces/cnsit/pages/134355164
...
Check back often for updates
This page is being updated frequently to include more information and answers to questions we’ve received. The date this page was last updated can be seen under the page title. If you have a question that isn’t answered on this page yet, please don’t hesitate to reach out. The best way to ask a question is by submitting this question form. This will connect you quickly and directly to the CNS OIT team leading the device enrollment efforts who are best able to answer your questions.
...
What’s going on?
As part of a college-wide communication sent on May 9, 2024, CNS OIT announced that a project to enroll networked computers is underway. Security policies for device configuration and management require that UT business be performed using computers enrolled in the central EPM platform and administered by trained IT staff. Additionally, IT staff must be able to prove to auditors that all devices meet minimum security standards. CNS OIT is taking proactive steps to minimize hindrances to productivity that may be imposed by future quarantines while becoming compliant with policy. These policies exist not only due to state and federal regulations, but also to protect UT from cyberattacks and security risks that threaten our ability to carry out UT’s mission.
Auditors have found that devices connected to the network, and specifically computers, are one of the largest security risks we have. To address this risk, the Endpoint Management (EPM) Centralization and Standardization Program was created and its use written into policy at the direction of the Executive Vice President and Provost, and the Information Security Office.
Enforcement of these policies is increasing, and the Information Security Office may begin taking drastic measures including locking EIDs, quarantining devices from the UT network, or blocking devices from accessing UT services. We aim to address compliance before such methods are used. We do not have a timeline for when this will happen, so we are trying to address as many devices as possible to help the community before it does. Should you choose to wait to address your system until the quarantines take place, you run the risk of extensive downtime while everyone in that state is addressed.
This work aims to achieve the following outcomes:
Establish an inventory of computers connected to UT networks.
Enroll all UT-owned computers in central EPM and/or take all measures required to make each UT-owned computer compliant with UT policies while maintaining the ability to perform required functions.
Understand the use of personal computers for UT business, and use that understanding to collaborate with leadership to identify options for addressing the use of personal computers.
What does this look like?
Current Effort
Stage 1: Inventory Identification of all Networked Devices
CNS OIT technicians are going door-to-door through CNS buildings to identify devices connected to the UT network. We’re working with building managers to send a message to the building before we begin. If you’re not on your building's email list you can sign up here.
The team of CNS OIT technicians will:
Identify computers connected to the UT network and record hardware and contact information. This includes (but isn't limited to).
UT Owned computers:
Assess the state of computers by reviewing inventory information and discussing with the device owner. For research labs, this is the PI or a lab member they identify. CNS OIT techs will ask questions that help determine the compatibility between the computer's required functions and management.
For computers already enrolled in management, CNS OIT techs will check the status of data backups using CrashPlan and help configure backups at the discretion of the device owner.
Personally purchased computers:
Supply this link so we can provide options once they become available. See below.
Stage 2: Addressing UT-Owned Computers
All UT-owned computers must fall into one of the following categories to be considered compliant:
Enrolled into management
Removed from the network
Exception from management approved by the Dean and filed with the ISO, in combination with additional security measures.
Note: This option requires a technical justification approved by CNS OIT, the Dean, and the ISO. For more information about exceptions, see the FAQ What qualifies for an exception from management? What does an exception entail?
Using the information from Stage 1 and through discussions with the device owner, a plan will be made to identify what actions need to take place. Then, steps will be taken to address the computer and make it compliant.
Forcing enrollment or addressing a computer will not occur without proper assessment of the device and discussion with the owner.
Going forward
Personal Computers
We recognize there are a number of reasons computers are in this state, such as grant stipulations, and we are working through this with leadership. There could be opportunities to use existing centrally provided funds, so it is imperative this form is filled out.
We are using the basic information collected to provide information to leadership so they can make decisions accordingly. In order for us to contact you once options have been identified and before a quarantine goes into effect, we must know about these devices.
We do not have a timeline for when quarantines will take place. Should they take place before personal computer usage is addressed, we need a way to supply a list to the Information Security Office to come up with an intermediate plan.
Purchase of ALL devices must go through CNS OIT and computers must be enrolled in management
If an IT device will connect to the network (wired or wireless), it must be vetted by CNS OIT prior to purchase and all computers must be delivered to CNS OIT to enroll into management. This is defined in IRUSP standard 19.6.
If a device will not connect to the network and cannot store UT data (e.g. keyboard, monitor), then purchase doesn’t have to go through CNS OIT. We are happy to assist in verifying compatibility.
Please contact CNS OIT by sending an email to help@cns.utexas.edu. If you don’t have a specific item in mind, CNS OIT can assist and provide customized quotes to your purchasing agent.
Network access and design requires collaboration with CNS OIT
Any device will only be permitted on the wired or IoT wireless network after CNS OIT completes an inventory survey and verifies the device meets policy requirements. Any devices that connect to the network without CNS OIT involvement will be removed from the network at an unspecified time.
For new labs or renovations, CNS OIT needs to be brought into discussions early to help design and implement the infrastructure to ensure your needs will be met. Infrastructure changes such as adding new ethernet ports are almost always needed and are faster (and less expensive) when identified from the start.
Network access will be limited to devices that must be on the network. If the device does not need network access to perform work, it is best to leave it disconnected from the wired and wireless network.
Please submit a Network Connectivity request through the CNS OIT Help Form to create a ticket directly with our Networking team.
If you will be onboarding new staff who typically supply their own computer (such as graduate students, TAs, and undergraduate research assistants), please fill out this form so we can assist with identifying options to address your need.
Non-computer networked devices (e.g. printers)
No action is planned at this time. Once the ISO identifies a need, CNS OIT will create a plan and communicate it to CNS. Requests to connect new devices to the network will be reviewed and only devices that need to be networked and meet security requirements will be allowed online, as mentioned above.
FAQs
Overall Process and General FAQs
...