Check back often for updates
This page is being updated frequently to include more information and answers to questions we’ve received. The date this page was last updated can be seen under the page title. If you have a question that isn’t answered on this page yet, please don’t hesitate to reach out. The best way to ask a question is by submitting this question form. This will connect you quickly and directly to the CNS OIT team leading the device enrollment efforts who are best able to answer your questions.
...
Overall Process and General FAQs
...
...
Who does this impact?
All faculty and staff. Employed graduate and employed undergraduate students still need to identify so that we can communicate with them when options become available.
You will be impacted if one or more of the following criteria applies to your role:
Funded by UT and / or external grants
Involved in research that is funded by UT and / or external grants
Requires you to use (including produce, share, access, store) UT data
Many people have multiple roles and there are certain instances where your UT-related activities are outside the scope of this project. Only roles that meet the criteria described above are in scope.
One example of a person who has roles in scope and roles out of scope is a graduate student. Their “TA role” is in scope because they are interacting with students and accessing FERPA data (student information and grades). Their “research staff” role is in scope because they are conducting research and interacting with research data that is being produced as part of a project funded by an external grant and / or UT. Their “student role”, however, is not in scope. This includes their own FERPA data, homework assignments, and course materials that are related to a class in which they are enrolled.
What computers and devices are included?
Any computer that is accessing UT data or used for UT business is in scope for identification. This includes any computer that is:
UT-owned and already managed by CNS OIT, or
UT-owned but not yet managed by CNS OIT, or
provided by the vendor for use controlling a scientific instrument, or
personally-owned
ONLY UT-owned computers are in scope for enrollment into endpoint management.
Smartphones and mobile phones are not in scope.
For inventory identification, our current focus is computers; however, we may also ask to gather inventory information about other network-connected devices like printers, iPads, or IoT devices such as freezers.
How will this impact me?
You will only be impacted in the ways that are listed under the FAQs “Who does this impact?” and “What computers and devices are included?” It can be helpful to ask yourself, “What roles do I have? Which role is asking me to participate in this activity?” to determine how you may be impacted.
Our current efforts will primarily be with research labs. For more information about this, please see the FAQ “Why is this mainly affecting research labs?”
How long does the inventory identification take?
10-25 minutes for each computer. It may be more or less time, however, depending on what information we already know about the computer and what information we need to gather.
For more information about what inventory identification includes, please see the FAQ section “Inventory Identification”.
How long does enrollment take?
This is deep
How can I coordinate the process with CNS OIT? Are there options to schedule an appointment?
What if CNS OIT never comes to my area?
We are doing our best to show up to every lab, but depending on when we show up, there is a chance you may have stepped out.
Endpoint Management (EPM) & Enrollment in Central EPM
...
...
Am I exempt from the requirements if I can manage my own computer or do not have confidential data?
Per the policy, all computers used for university business are in scope regardless of whether they contain confidential data. While there are many talented technical folk in the college, we must be able to show auditors that compliance is met in real time and act quickly in the event of an attack on the university. We are unable to do either if the computer is not enrolled in endpoint management.
What will be different after my computer is enrolled?
Below are the most noticeable differences. This is not an exhaustive list.
Administrator accounts and administrative access
...
There is a zero tolerance policy for this that results in termination if required access is abused.
Inventory Identification
...
Why do you need to know how I use my computer?
There are 3 main reasons:
We configure management to minimize disruptions and avoid negative impacts to productivity while adhering to security requirements. The default management configurations are designed based on the average habits and needs of our users, but we evaluate every situation individually.
Troubleshooting is streamlined and a more targeted approach can be taken.
UT is required by state law to identify what classification and types of data are stored on or accessed by a device. Knowing how a device is used helps answer this question.
How are you gathering information?
By getting information from the device itself, and by talking to the device owner or users.
For personal devices:
CNS OIT technicians may navigate through device settings and use Command Prompt or Terminal to gather specific pieces of information. No changes to settings or configurations are made during this process.
If you do not want CNS OIT technicians to touch your personal computer, please let them know. Our technicians will then inform you what information they need and guide you through finding that information.
For UT-owned devices:
When gathering inventory details from the device itself, CNS OIT technicians will use scripts written by our Mac, Windows, and Linux Systems Administrators that return specific pieces of information. These scripts automate the steps our technicians would otherwise perform manually and individually through a combination of navigating through the device settings and using commands in Command Prompt or Terminal. The only configuration change made would be enabling a routine setting that allows scripts to be run if it is not already enabled. The script itself does not make any configuration changes.
You may also see the technicians submit the information provided by the script through a Microsoft Form. This Form is configured to securely submit the data to a database that only CNS OIT staff are able to access. This allows our technicians to record the information more quickly and accurately.
Who has access to the information?
Only staff in positions of special trust with controlled access will be able to access information.
For UT-owned devices, this means CNS OIT staff and authorized UT IT staff including the Information Security Office and systems administrators for the EPM tools.
For personal devices, only CNS OIT staff will have access to all of the information you provide to us. If a personal device has connected to the UT network, authorized UT IT staff including the Information Security Office and ITS Networking will be able to see only specific pieces of information about the computer that make it identifiable on the network.
CNS OIT shares, at specific intervals, aggregate data with CNS leadership. Any information about specific devices or individuals is anonymized before being shared. Certain factors such as department or primary affiliation may be used to categorize data and identify trends.
Personal Computers & Devices Used for Research and UT Business
...
What should I do if I'm currently using a personal device for UT work?
Anyone who uses a personal computer should fill out this form so the college can determine the scale and users' needs. If you supervise anyone such as students or research assistants who use personal computers, please send them the form so they can fill it out as well.
Full-time staff should submit a ticket at https://help.cns.utexas.edu/ requesting a work computer. Tenure-Track faculty should provide funds to address the purchase. Professional track faculty qualify for a university laptop through the Dean’s Instructional Laptop Program. See here for additional information.
Will I be required to enroll my personal computer in EPM?
NO. CNS OIT will not enroll and is not permitted to enroll personal devices in central EPM.
Is there a plan to provide UT laptops to researchers that are currently relying on their personal computer?
We are still working on identifying options based on the needs identified and in collaboration with leadership.
What about undergraduate researchers working in the lab? What if I have a large number of students involved in research throughout the academic year?
We don't have a solution identified yet, but this is a need we are aware of and planning for.
Definitions & Terms
Below is an alphabetized list of frequently used terms and how they’re defined along with an explanation of what that looks like in our environment or implications.
Term | Definition | What does that mean? |
|---|---|---|
Address, addressing a device | Done by CNS OIT in collaboration with the owner. Take actions so the device is capable of performing needed functions and is compliant with security policies. This includes collecting inventory information, making configuration changes to the device, and/or making configuration changes around the device. | Inventory identification will happen for every computer. Some details from inventory identification are used to determine compatibility of the device with EPM. Configuration changes to a computer may include enrollment in central management, adjusting administrative permissions, setting up data backups, installing OS and application updates, among other settings changes. Configuration changes around the computer may include removing it from the network, changing what network it’s connected to, or adding a hardware firewall. |
Data | In the context of information technology, “data” refers to raw, unprocessed facts and statistics collected for reference or analysis. It can exist in various forms, such as numbers, text, images, or sounds, and is used as the basis for computations, analyses, and decision making in IT systems. | |
Endpoint | Any device capable of connecting to the internet and accessing, storing, or sharing information. | Computers, tablets, smartphones, security cameras, and printers are all considered endpoints. In the context of this project, “endpoint” will most commonly be referring to a computer. |
Endpoint Management (EPM), management | A set of tools used by IT to employ policies designed to protect access to University computers, data, and resources by securing computers and identifying the presence of specific security vulnerabilities. | Currently, we have EPM tools for computers (macOS, Windows, and Linux) and iPads. See the FAQ “What will be different after my computer is enrolled?” for more details. |
Enroll, enroll in management, enrollment in central management | Done by CNS OIT in collaboration with the owner. Install software that connects a computer to the centralized Endpoint Management (EPM) systems, then use the EPM systems to set up policies for regular installation of updates and enable security configurations. | See the FAQ “What will be different after my computer is enrolled?” for more details. |
Inventory identification | Gather details about a computer that are used to identify a device, who is responsible for it, and aid in support. | CNS OIT will gather details about the computer’s hardware from the device itself. We will talk to the owner and/or users of the device to find out information about how the device is used and by whom. See the FAQ section “Inventory Identification” for more details. |
Owner, device owner | The individual who owns the device or who is responsible for making decisions about the device. | For research labs, the PI is assumed to be owner for each device. The owner can delegate responsibilities (such as approving changes) at their discretion. |
Personal, personally-owned | Purchased using personal funds that did not originate from a UT account. Belongs to the individual. | |
Scientific data | As defined by the NIH’s Data Management and Sharing Policy, scientific data are defined as, “the recorded factual material commonly accepted in the scientific community as of sufficient quality to validate and replicate research findings, regardless of whether the data are used to support scholarly publications.” | This includes: As defined by the NIH, Scientific data do not include: |
Used for University business | Any device that is used to store, process, access, or share data that is owned by the University or produced during and/or for the purpose of performing University duties. | Using a computer in these ways would make that computer used for University business: Any UT work or UT resources being accessed as a student does not count (e.g. submitting your own coursework via Canvas). |
UT business, University business | Any activity that is occurring as the result of, in service of, or to further the mission of The University of Texas at Austin and / or the values and impact of the College of Natural Sciences. | Research, undergraduate education, graduate education, and public service. |
UT data, University data | Any information or insights that are generated, collected, processed, or stored while conducting UT business. Any data stored on or in a UT-owned device, account, or service. | Including digital files, recordings, emails, employee records, financial transactions, operational documentation such as SOPs, metadata, and all data produced as part of research— even if it does not meet the criteria for scientific data. A UT-owned service would be anything you sign into using your EID or any licensed software / service that is paid for with UT funds. This includes UTMail, UT Box, Qualtrics, and Microsoft 365 (e.g. Outlook, Teams, OneDrive, SharePoint). Your own personal information and personal data protected by HIPAA, FERPA, or another federal or state law is not considered UT data when it is in your possession. For example, accessing my own medical records after a visit to University Health Services is not considered accessing UT data. A member of University Health Services staff accessing my medical records after my visit is considered accessing UT data. |
UT-owned | Purchased using UT funds, including grants. Owned by the University of Texas at Austin. | For research labs that came to UT from another University: all devices that were originally purchased at a prior institution and brought to UT are UT-owned and required to be transferred from the prior institution’s inventory to UT’s inventory. Devices picked up from surplus or acquired from the UT surplus store are also UT-owned. |