Please report any level of incident, no matter how small. The Information
Security office will evaluate the report and provide a full investigation if appropriate.
The standard, Security of Network-Connected Devices Standard, was extensively changed and renamed to Security of Connected Devices Standard.
Reviewing carefully the revised standard and is highly recommended.
Title of the standard to “Security of Connected Devices”
First subtitle dropped ‘Network-“and added “All” so title is: “Security Requirements for All Connected Devices”
Second subtitle dropped “managed” from subtitle, making the title: “Additional Security Requirements For Any Devices Accessing, Collecting, Generating, Processing, Storing, Or Transmitting University Data”
Moved “Remove or disable unnecessary applications and services.” to the SECURITY REQUIREMENTS FOR ALL CONNECTED DEVICES section from the ADDITIONAL SECURITY REQUIREMENTS FOR ANY DEVICE ACCESSING, COLLECTING, GENERATING, PROCESSING, STORING, OR TRANSMITTING UNIVERSITY DATA
Existing item: Vulnerability detection solution (such as Qualys Cloud Agent) must be used on devices meeting the following criteria: changed to: Qualys Cloud Agent, the UVA licensed Vulnerability Management solution, must be installed, configured, and running.
Item: Logs are configured in such a way to prevent alteration or deletion. Re-worded to Device should be configured in such a way to prevent alteration or deletion of logs.
Item: Keep an inventory of devices up-to-date with all required information. Re-worded to: Schools and departments must keep an up-to-date inventory of all devices with all required information.
Under Additional Security Requirements For Email Services
Under SECURITY REQUIREMENTS FOR ALL CONNECTED DEVICES
Under Additional Security Requirements For Any Device Accessing, Collecting, Displaying, Generating, Processing, Storing, Or Transmitting University Data
Under Additional Security Requirements For Email Services
Definitions
Under ADDITIONAL SECURITY REQUIREMENTS FOR ANY DEVICE ACCESSING, COLLECTING, GENERATING, PROCESSING, STORING, OR TRANSMITTING UNIVERSITY DATA.
Please report any level of incident, no matter how small. The Information
Security office will evaluate the report and provide a full investigation if appropriate.