DRAFT 07/25/08
NJMS / UMDNJ Minimum Network Connectivity Requirements
BACKGROUND / INTRODUCTION / SCOPE
The following standards are intended to ensure the availability, reliability, and security of UMDNJ’s electronic resources.
All devices must satisfy these standards, as appropriate, before connecting to the campus network. Additionally, devices known to be vulnerable, to present a security risk, or to be infected with malicious software (see below) must not be connected to the campus network or to devices on the campus network. Devices not meeting these requirements are subject to being blocked or disconnected from the campus network. Individuals are also subject to the provisions of the Acceptable Use Policy.
Please note that these are minimum standards only. Additional requirements apply to systems that contain or access restricted data. Units, departments or Information Systems and Technology (IST) may elect to apply more stringent standards and/or guidelines.
Exceptions:
The requirements in this document are not intended to restrict University research, instructional, or administrative activities. Situations may also exist where implementing one or more of these requirements as written would compromise the usability of a critical system or application, or is prohibited by regulation. Requests for exceptions for these purposes may be appropriate. Such requests must be approved in advance by the CIO of IST and the local school or unit IT Director. Exceptions, including any relevant conditions and review date, must be documented. Implementation of additional measures may be required when exceptions are granted.
MINIMUM NETWORK CONNECTIVITY REQUIREMENTS
1. Software Updates
Devices connected to the campus network must run versions of operating system and application software for which security updates are made available. These updates must be installed in a timely fashion.
2. Malicious Software Protection
Where applicable for specific operating systems, malicious software protection (including antivirus, anti-spyware, and protection against spam bots) must be running and properly configured, including up-to-date definition files. Note: Non-Core computers can download Symantec Anti-virus software while on campus at: http://euc.core.umdnj.edu/
3. Access Control Measures
Access control measures such as passwords or other secure authentication processes must be used to ensure only authorized individuals are able to access controlled electronic information resources. When passwords are used, they must comply with the UMDNJ Password Policy.
4. Physical Security and Session Timeout
Reasonable measures must be taken to ensure the physical security of University computing equipment. Measures include physical restraints or locking devices, or physically secure facilities. Devices that access restricted and/or essential resources that are left unattended for an extended period of time should employ measures, such as session timeout or lockout mechanisms, that require re-authentication before users return to interactive use. Devices that host confidential or critical information may be subject to additional requirements.
5. Unnecessary Network Services
Network services, processes, or ports offered by a device must be disabled, turned off, or removed if they are not necessary or appropriate for the intended purpose or operation of that device.
GETTING HELP
For questions about any of these requirements, contact
. The IST Support Center at 3x3200, or
. Your local school or unit IT group: njmsts@umdnj.edu
POLICY REFERENCES:
http://umdnjcaprod.umdnj.edu/ist/about_IST/policies_index.shtml