The standard, University Data Protection Standard, removed the two exceptions, one for vulnerability scanning (Exception 268) and one for periodic scanning for Highly Sensitive Data (HSD; Exception 230). The requirement for periodic scanning for HSD was removed in the Highly Sensitive Data Protection Standard for Individual-Use Electronic Devices or Media standard. Technical requirements, including whole disk encryption for individual-use devices on the HSVPN, replaced the requirement for periodic scanning for HSD on such devices.
The requirement for networked-device vulnerability scans must be performed and remediated per the requirements in the Security of Network Connected Devices standard
Reviewing carefully the revised standard is highly recommended.
Printer-friendly version