I am going to try my best to reply to all the questions!
The standard calls for UNM owned devices to be joined to UNM’s domain. The driver behind this statement is to setup a first layer of security. As we talk about access to protected data of any type, devices, whether personal or UNM owned, that do not meet certain criteria, will not be granted access to this data. Encryption will come into play as these discussion continues regarding data classification and the access to such data.
This standard applies to virtual desktops. Any non windows tablet owned by UNM will fall under mobile device management to access protected data.
I agree a 200 page document should be condensed. We will work with Security to get a security standard for end user devices developed and vetted in the coming months.
The WSUS is available and scalable for campus.
Any OS that is end of life, no longer supported must not connect to the UNM network.
For those of you who have workers off site, if they are working with protected data, must have a way to get updates, scan computer for virus, must have access to KMS. Let’s talk if you have these situations.
Symantec is available for windows, Mac, Linux. All three OSes have personal firewall functionality.
Wireless at this time does not allow for AD authentication. It is on the roadmap.
As for compliance, that process has not been fully designed. In my opinion, this standard would not a true/false statement but more of an assessment of maturity or levels of compliance.
- This reply was modified 8 years, 3 months ago by tjm. Reason: correct an grammar error