Thank you for the reply, TJ. Some additional feedback based on your response:
1) It seems like “End User Device Support” extends far beyond managed workstations and that the SLA for that cohort is nowhere near inclusive enough to cover “End User Device Support”. This goes back to my comment that the name for this standard shows that the contents of this standard are nowhere near broad enough to cover what “End User Device Support” really covers, or the name is incorrect and needs to reference “UNM-owned” or “UNM Managed” systems.
2) I do not agree that the UNM enterprise anti-virus solution is preferable. I would not be providing good service to my users if I install a program that will significantly slow down my users’ machines without providing any measurable improvement in stability or protection, which is especially true on older machines that are struggling for system resources to begin with. Having an enterprise-level anti-virus solution is great for areas that do not have robust images or IT support, but there needs to be a way for areas to meet this requirement without having to prescribe to only one solution if another can meet the same level of protection, particularly if it offers a massive performance increase to boot. This was one thing that the Data Center Standard did so well – it offered guidelines and a general “toolbox” of options but did not require that any single solution had to be employed.
2.5) Why is this standard focused on “preventing data loss” (I’m assuming you’re meaning in a security/data protection sense)? Isn’t that the Data Security Standard? Why would we re-define security standards (including anti-virus) in this document when they should be defined in a much larger sense. That standard doesn’t exist yet, but this standard should still simply reference the Data Security Standard and this can be done very simply with a single line – “All systems must adhere to the UNM Data Security Standards as set forth in <insert link here>”.
3) Wireless AD would be great! But I don’t think we can add it to a standard that REQUIRES people to join AD using a solution that doesn’t yet exist. If this is an auditable standard then if wireless AD doesn’t exist then, in order to comply, we MUST join the devices to the domain via whatever method IS available, which simply isn’t doable with currently existing technology on campus.