Policy No: 2077 Responsible Office: Office of Information Security Last Review Date: 03/24/2021 Next Required Review: 03/24/2023
Endpoint Protection Policy
This policy is designed to help prevent infection of University of South Alabama (USA) computers and computer systems by computer viruses and other malicious code. This policy is intended to help prevent damage to user applications, data, files, and hardware.
This policy applies to all University General Division departments that deploy, sponsor, manage, or utilize workstations, laptops, or other computer devices on the USA network or in a commercial cloud. This policy also applies to all employees and faculty of USA, as well as vendors, contractors, partners, collaborators, and any others doing business or research with USA. Any other parties who use, work on, or provide services involving USA computers and technology systems will also be subject to the provisions of this policy. Every user of USA computer resources is expected to know and follow this policy. This policy does not cover student-owned computer devices.
Computer device: Any type of device connected to a network that may become compromised by malicious software. Examples of computer devices include, but are not limited to, workstations, servers, laptops, tablets, smartphones, or other smart devices.
Malicious software: Any type of computer code that compromises a computer device and performs a malicious action. This is sometimes perpetrated by computer viruses, worms, trojans, etc.
Anti-Virus or Anti-Malware software: Runs on a computer device and monitors for malicious software or connections. This software is generally reactive, meaning a signature file must be developed for each new malware variant discovered and these files must be sent to the software in order for the software to find the malicious code.
Virus definition files: Periodic files provided by vendors to update the anti-virus software to recognize and deal with newly discovered malicious software.
4. Policy Guidelines
All University of South Alabama owned desktop and laptop computers connected to the USA network or networked resources must have anti-virus software installed, with the following provisions:
- A licensed anti-virus software currently supported by the Computer Services Center must be utilized; and
- The licensed anti-virus software utilized must be the most current version available and supported by the manufacturer.
Public (internet) facing servers must have anti-virus/malware software installed. If the server cannot have anti-virus/malware software installed, see “Exceptions” in Procedures. Other computer devices may be exempted from this requirement as noted in the Procedures section.
Anti-virus/malware software must be installed and configured in a way that allows for consistent, repeatable, and up-to-date protection of the computer device and data. The procedures below describe the minimum steps needed to allow for this protection and exceptions to the policy.
- The anti-virus/malware software must be active, must be scheduled to perform virus checks at regular intervals or when a file is introduced to the system, and must have its virus definition and all other associated software files kept current;
- No user shall disable or tamper with the configuration of anti-virus software installed on their respective computer;
- Employees who allow non-USA employees to attach workstations (desktops or laptops) to the USA network are responsible for ensuring that those workstations are running anti-virus software and that a current virus signature is installed; and
- Employees who attach a personal or USA-owned workstation, or other computer device, to the USA network are responsible for ensuring that the workstation/device is running anti-virus/malware software and that a current virus signature is installed.
Exceptions to this policy may be allowed if:
- The computer device cannot have anti-virus/malware software installed. Possible examples of this would be servers not configured as client systems, vendor-controlled systems, or devices where anti-virus software has not yet been developed. In these cases, the system administrator must develop a plan, such as employing compensating controls, to protect the device from infection before connection to the USA network;
- The computer device is a non-persistent VM client; and
- An infected computer device is discovered that performs a critical function and may not be immediately taken “off-line” without seriously impairing some business function. Under those circumstances, a plan will be developed to allow the computer device to be taken off-line and the infection purged while protecting the function of the device.
If deemed necessary to prevent propagation to other networked devices or detrimental effects to the network or data, an infected computer device may be disconnected from the network until the infection has been removed. This will be done under the direction of the Computer Services Center, the technology coordinator or computer support specialist in conjunction with the affected personnel and the USA Information Security Office.
All departments and units are required to follow and implement this policy. Failure to do so will result in an unacceptable risk to the University and the computer device being disconnected from the network.