IT Security Standard: Managed Computer / Endpoint Configuration

Brief Description

This standard addresses the management and review of Bowdoin-managed computers/endpoints to maintain access control on all systems. It applies to anyone who has a campus-managed computer/endpoint, including faculty, staff, students, parents, alumni, vendors, volunteers, affiliates, and members of the public.

Related Policies

Introduction

This standard exists to ensure that access to Bowdoin managed computers/endpoints maintains confidentiality, integrity and availability.  Management of physical computers/endpoints is critical in protecting sensitive data and minimizing risks to the College.

Scope

This standard applies to all computer systems in all campus departments.  This includes all computer hardware purchased and owned by the College.  Any one of these devices may contain sensitive or restricted data processed by the College and as such must be protected in the event the endpoint is lost or stolen.

The target audience is anyone who has responsibility for using and managing Bowdoin-purchased endpoints.

Standard

Required

  • Computer hardware with built-in storage must be encrypted.
  • All software solutions in use to protect the endpoint must be installed on the device.
    • The CrowdStrike sensor must be installed on any managed endpoint that supports it.
  • The device must be bound or tied to a central management system managed by Bowdoin College.
  • Local administration access is not given out by default and is evaluated on a case-by-case basis.

Recommended

  • BIOS password set for Windows-based computers.
  • EFI firmware password set for Apple computers.
  • Multi-factor authentication for remote connections.

Definitions

Encryption - The process of encoding a message or information in such a way that only authorized parties can access it and those who are not authorized cannot.

Endpoint - The purchased and managed Bowdoin College computer asset.

Non-Compliance and Exceptions

Systems may be scanned or physically examined for compliance with this standard at any time. Systems found in non-compliance with this standard may be removed from the network until they do comply.

If it is technically infeasible for an information asset to meet this standard, departments must submit a request for exception to the CIO and Information Security Officer for review and approval.

Implementation

Effective Date: February 1, 2019
Review Frequency: Annual
Responsible Officer: Chief Information Officer

Details

Article ID: 71622
Created: Thu 2/7/19 9:07 AM
Modified: Thu 11/19/20 3:58 PM