Will this standard apply to Virtual Desktops (VDI), Windows Embedded, or RT products?
Responsibilities Section:
Some of these standards say there will be a yearly review or “appropriate periodic review”. Will this standard be reviewed yearly?
Compliance Section:
“This standard has been developed, under and is subject to, all UNM policies”
From UNM Policy 2560: “Draft standards will be developed by the IT Managers Council and then sent to the IT Agents Networking Group for review and comment. The Networking Group will forward their comments to the IT Managers Council for consideration. The Council will publish the proposed standard on the CIO website and solicit comments from the campus. The IT Managers Council will update the standard based on campus comment and submit it to the IT Cabinet for review.”
“UNM Administration” needs to be defined. Which departments or offices are part of determining compliance.
Installation, Warranty and Equipment Maintenance Section::
“Ensure that equipment is properly and routinely cleaned and maintained”
What criteria is UNM Administration, Internal Audit, and UNM IT using to evaluate whether equipment has been properly and routinely cleaned?
Equipment Set up, Integration and, Security Section:
There is a reference to best practices but none are listed on FastInfo. Also the 200 page document linked in this section has little relevance to the purpose of defining best practices. The only mention of best practices in this document is for Virtualiation, VOIP, Cloud Computing, and mobile devices.
“Operating systems must be within manufactures product life cycle”
What is the exceptions process for this? If there is a mission critical hardware device attached to that machine that is incompatible with updated product offerings?
“Windows based operating systems must receive regular updates and patches through UNM IT Enterprise Update Servers (WSUS)”
Are WSUS services available over UNM Wireless? Off site users? Also, there is not mention of an enterprise OS X update solution. What is the standard for updating UNM owned Apple devices? Is there a UNM repository for Linux/UNIX updates?
“Use Enterprise grade deployment tools such as but not limited to Casper, SCCM, LanDesk, and Symantec Ghost to push, deploy or otherwise manage UNM SOE (Standard Operating Environment)”
How does this affect departments who can’t use a tool like this due to cost, incompatibility issues, or it just doesn’t make sense to have a system that size for a smaller department? Some of these are very expensive systems and it does not make fiscal sense to force a department to purchase an “Enterprise grade deployment tool” to be compliant with the standard. Also, which agency determines if a deployment tool is “Enterprise grade”. Microsoft provides many deployment solutions at little/no cost but are these invalidated because they are not considered “Enterprise grade”?
“All UNM owned devices must utilize Microsoft Active Directory (AD) authentication and be joined to either HEALTH or COLLEGES UNM domains.”
For non-Windows/OS X devices do those have to be joined as well? Will Active Directory services be available over the UNM wireless? What security measures have been taken to encrypt communications of the UNM enterprise wireless network so that users can authenticate against the domain while on UNM property? What about users who have an assigned duty station not on a UNM network? Is UNM prepared to offer an off site solution for Active Directory authentication? What is the time frame for moving to that so departments can be compliant with the requirements of this standard?
“Must use the UNM IT enterprise Key Management Server license (KMS)”
What about users who work off site? Will the KMS server be adjusted to allow connections from outside UNMs network? Currently activations are pulled after 180 days and if a user has a UNM device at home and doesn’t touch the UNM network, the license is pulled from their machine. IT Software Distribution has been instructed to not give departments individual license keys which would activate a perpetual license on that device.
Antivirus Section:
“Must use the UNM IT enterprise managed solution”
Is this a requirement for OS X machines? Also, for UNM owned devices that are running a non Windows/OS-X operating system, is there an antivirus client available for Linux/Unix based operating systems?
Support Plan Section:
“Ensure secure connection and advise on personal firewalls”
What is a personal firewall? Is this a “Host-based firewall”?