Please report any level of incident, no matter how small. The Information
Security office will evaluate the report and provide a full investigation if appropriate.
The standard, “Granting and Restricting Elevated Workstation Privileges", (or just "Elevated Workstation Privileges") was extensively changed and renamed to Administrative Privileges on University Endpoints Procedure. The document was changed from a standard to a procedure because it details what steps you must take to be compliant. In addition, the orientation was changed from user and privilege focus to being aligned with the UVA data classifications and elevated administrative privileges.
Reviewing carefully the revised standard/new procedure is highly recommended.
The following phrases were changed:
The tables were simplified into one small table. Please consult the actual procedure.
Procedures for endpoint managers and the difference between temporary and persistent elevated administrative privileges.
The requirement of an asset inventory of all endpoints on which the assigned user has elevated administrative privileges.
New Related Links were added to the procedure.
As with all our standards and procedure revisions, this one was reviewed by the Information Technology Services (ITS) directors, the Security Advisory Committee, and the Information Security leadership team and approved by the Jason Belford, CISO.
A carefully review of the revised/new procedure is highly recommended.
Please report any level of incident, no matter how small. The Information
Security office will evaluate the report and provide a full investigation if appropriate.