Memorandum
| To: | Deans, Directors, and Department Heads |
|---|---|
| From: |
Marc Hoit |
| Subject: | Endpoint Protection Standard (EPS) |
| Date: | September 27, 2018 |
To help protect university data and to comply with regulatory and university requirements, the university has published a new Endpoint Protection Standard (EPS), which outlines minimum requirements for all “endpoints” (laptops, desktops, servers, smartphones, and so forth) that connect to the NC State network. Anyone using a personal device to connect to the NC State network and access university data has a responsibility to implement endpoint-protection controls as specified in the EPS standard.
Endpoint-protection controls vary in intensity depending on several variables including accessing data versus storing data on endpoints, endpoint ownership, and the level of data sensitivity (for example, ultra-sensitive, highly sensitive, or moderately sensitive). In some cases, using university-owned endpoints to access or store sensitive data is “Recommended (R).” However, when the data is ultra-sensitive or highly sensitive, it’s “Mandatory (M).” See the Endpoint Protection Standard for details.
By June 30, 2019 (end of first EPS-implementation phase), all Windows-based and macOS-based endpoints must be managed by an approved Configuration Management System (CMS). A management environment for Linux endpoints is in the process of being approved and will be implemented during a later phase. For those with IT responsibilities, see Configuration Management Systems at NC State for details.
The following controls are available now and must be implemented by June 30, 2019 for all university-owned endpoints: anti-malware, antivirus, software inventory, authentication, and Sensitive Data Identification and Remediation. Visit the EPS Implementation Phases page for deadline details. The university is relying on campus IT support staff to implement this standard for their respective areas. See Section 8 of the standard if you need an exception.
For additional information, please visit the Endpoint Protection Standard Implementation page and the associated FAQs. If you have any questions or concerns, please contact the NC State Help Desk at help@ncsu.edu or 919.515.4357 (HELP).