Substantive Change: University Data Protection Standard

Last modified
August 11, 2023 - 11:04am

The standard, University Data Protection Standard, removed the two exceptions, one for vulnerability scanning (Exception 268)  and one for periodic scanning for Highly Sensitive Data (HSD; Exception 230).  The requirement for periodic scanning for HSD was removed in the Highly Sensitive Data Protection Standard for Individual-Use Electronic Devices or Media standard.  Technical requirements, including whole disk encryption for individual-use devices on the HSVPN, replaced the requirement for periodic scanning for HSD on such devices. 
The requirement for networked-device vulnerability scans must be performed and remediated per the requirements in the Security of Network Connected Devices standard 

Reviewing carefully the revised standard is highly recommended.