Please report any level of incident, no matter how small. The Information Security office will evaluate the report and provide a full investigation if appropriate.
Substantive Change: Security of Network Connected Devices standard
Last modified
May 8, 2024 - 10:19am
Post date
November 16, 2020 - 5:31am
Effective: November 5, 2020
This standard was substantially changed to a degree that it is not possible to list all the changes. Reviewing the revised standard carefully is highly recommended
Changed
- Revised Purpose and Background section to be simpler, shorter, more readable.
- Combined and revised the three sections
- Security Requirements For Networked Devices,
- Minimum Security Requirements For Uva Devices
- Minimum Security Requirements For Personally-Owned Devices
INTO new section:
Security Requirements For All Network Connected Device and incorporated sub-sections Devices Accessing University Data and Individually Managed University Devices into this new section by revising the items into bulleted lists for clarity and ease of reference.
- Renamed and revised the section: Additional Security Requirements for UVA Devices and elevated and combined Centrally or Departmentally Managed University Devices sub-section to:
Additional Security Requirements For Managed Devices Accessing, Collecting, Displaying, Generating, Processing, Storing, Or Transmitting University Data- Items revised and made into bulletted lists for clarity and ease of reference.
- Elevated and revised sub-section, “Devices Accessing Regulated Information” to section called, Additional Security Requirements For Managed Devices Accessing, Collecting, Displaying, Generating, Processing, Storing, Or Transmitting University Data Regulated Data
- Devices that have exceeded end of life support need an approved exception.
- Changed UVA to University for consistency.
Added
Not all additions are listed. Again, reviewing the revised standard carefully is highly recommended.
- Added new section: Additional Security Requirements for Email Services
- Under Security Requirements for All Network Connected Devices: Devices are not modified to remove vendor provided security protections (e.g., jailbreak).
Removed
Not all items removed are listed. Again, reviewing the revised standard carefully is highly recommended.
- The Highly Senstive Data (HSD) Requirements section was removed. The Use of HSD standard addresses these items.