Endpoint Protection Standard Policy

Endpoint Protection Standard

Endpoints Owned by NCSU:

All NCSU purchased endpoints must be managed by IT in a Configuration Management System (CMS). Deadline for First Phase (departments with professional IT support) is by June 30, 2019 and a second Phase for departments that are recently managed within the last year or with no IT support, by December 2020. This means that any PC or server must be in Active Directory (AD) and Macs must be in JAMF. AD and JAMF are Configuration Management Systems  (CMS) that will automatically provide the updates and features to keep your endpoint in compliance with the Endpoint Protection Standard. We also have CMSs for Linux machines and Chromebooks.

Benefits of joining a CMS:

  • Automatic mapping to your department share on the server (S: drive) - Users should not manually map to the server share!
  • Automatic OS updates and patching
  • Automatic patching of other software
  • Enables remote access for our IT Staff to assist you
  • Inclusion in department inventory database
  • Ability for our IT staff to assess any vulnerable software and take action
  • Your campus unityid and password is synched and used on the computer
  • Meets the Endpoint Security Standard (See list of controls here: https://policies.ncsu.edu/rule/rul-08-00-18/#University_owned_Endpoints

>>If your department is managed by CALS IT and you are unsure if your computer is joined to a CMS, please contact us to assess: calsit-help@ncsu.edu. Otherwise, cntact your IT Support Professional in your department.<<

Is there an exception process?

There is a form to request exceptions . If you have a legitimate business need and justification, you may get approved for an exception. However, that may result in your computer being moved to a more restrictive private network. We can assist with these exceptions. Email us.

Endpoints Not Owned by NCSU

(includes personal and other institution devices)

Non-NCSU computers and devices also have to abide by the Endpoint Protection Standard (EPS).  Though the list of controls is shorter, there are levels that must be met and clear guidelines on the types of data allowed to be accessed and stored on these devices. See https://policies.ncsu.edu/rule/rul-08-00-18/#Endpoints_not_Owned_by_the_University.

What happens if I do not meet the deadline or standard of controls?

Violations of this standard will be handled in accordance with REG 08.00.02 – Computer Use Regulation. Violations may result in the endpoint being blocked or removed from the network. Endpoints being blocked will remain blocked until brought into compliance. In addition, their owners or responsible parties may be disciplined in accordance with Section 5 of REG 08.00.02.