Please report any level of incident, no matter how small. The Information
Security office will evaluate the report and provide a full investigation if appropriate.
The standard, University Data Protection Standard, removed the two exceptions, one for vulnerability scanning (Exception 268) and one for periodic scanning for Highly Sensitive Data (HSD; Exception 230). The requirement for periodic scanning for HSD was removed in the Highly Sensitive Data Protection Standard for Individual-Use Electronic Devices or Media standard. Technical requirements, including whole disk encryption for individual-use devices on the HSVPN, replaced the requirement for periodic scanning for HSD on such devices.
The requirement for networked-device vulnerability scans must be performed and remediated per the requirements in the Security of Network Connected Devices standard
Reviewing carefully the revised standard is highly recommended.
Please report any level of incident, no matter how small. The Information
Security office will evaluate the report and provide a full investigation if appropriate.