Substantive Change: University Data Protection Standard

Last modified
June 4, 2024 - 5:32pm

The standard, University Data Protection Standard, removed the two exceptions, one for vulnerability scanning (Exception 268)  and one for periodic scanning for Highly Sensitive Data (HSD; Exception 230).  The requirement for periodic scanning for HSD was removed in the Highly Sensitive Data Protection Standard for Individual-Use Electronic Devices or Media standard.  Technical requirements, including whole disk encryption for individual-use devices on the HSVPN, replaced the requirement for periodic scanning for HSD on such devices.  
The requirement for networked-device vulnerability scans must be performed and remediated per the requirements in the Security of Network Connected Devices standard 

Reviewing carefully the revised standard is highly recommended.