Minimum IT Security Standards
Thursday, April 18, 2024
Minimum Security Standards
These standards are intended to reflect the minimum-security configurations necessary for devices that create, access, store or transmit University data. Devices should be configured in accordance with the highest data classification used on the device.
Please note that these standards will be revised and updated accordingly to ensure and compliance with current cyber security best practices.
| Endpoint Security Configuration | |||
|---|---|---|---|
|
Security Control |
High Risk |
Moderate Risk Data |
Low Risk Data |
| Whole Disk Encryption | Required | Required | Recommended |
| No Administrative Privileges | Required | Required | Recommended |
| Device/System Registration | Required | Required | Recommended |
| Use Only Supported Operating Systems | Required | Required | Required |
| Patching/Updates Installed within 30 days of release *automatic patching recommended* | Required | Required | Required |
| Anti-Virus/Endpoint Protection Installed & Active | Required Managed AV |
Required Managed AV |
Required |
| Enrollment in Enterprise Active Directory | Required | Required | Recommended personal machines N/A) |
| Use Enterprise Authentication | Required | Required | Recommended |
| Inactivity Lock | Required 10 minutes |
Required 10 minutes |
Recommended |
| Only Use Approved Applications | Required | Required | Recommended |
| Use UA-PTC Owned Computers | Required | Required | Recommended |
| Properly Secure (locks, locked offices, secured cabinets, etc.) | Required | Required | Recommended |
| UA-PTC Support | Required | Required | Recommended (personal machines N/A) |
| Additional For Server Computers | |||
|
Security Control |
High Risk |
Moderate Risk Data |
Low Risk Data |
| Configure using CIS Security Standards | Required | Required | Required |
| Campus Supported by IT | Required | Required | Recommended |
| Physically Secure in IT approved Data Centers | Required | Required | Recommended |
| Must reside behind IT approved Firewall | Required | Required | Recommended |
| Access to data requires MFA | Required | Recommended | Recommended |
| Data files require encryption in transit | Required | Required | Required |
| Data files require encryption at rest | Recommended | Recommended | Recommended |
| Mobile Devices (Smartphones, Tablets) | |||
|
Security Control |
High Risk |
Moderate Risk Data |
Low Risk Data |
| Lock with a password or PIN | Required | Required | Recommended |
| Encrypt the device | Required | Required | Recommended |
| Limit stored email messages with PII/Data to 200 msgs or 14 days of msgs | Required | Required | N/A |
| Use UA-PTC Approved Apps | Required | Required | N/A |
| Manufacturer Supported Operating System | Required | Required | Required |
| Must have remote wipe capability enabled in the event of a lost or stolen device | Required | Required | Recommended |
| No tampering with device (“Jail breaking”) | Required | Required for UA-PTC owned mobile devices |
Required for personally owned devices accessing UA-PTC resources |
Contact IT Services
University of Arkansas - Pulaski Technical College
Information Technology Services
A Building, Room 111
3000 West Scenic Drive
North Little Rock, AR 72118
Hours: 8:30 a.m. - 4:30 p.m. (Monday - Friday)
Help Desk: (501) 812-2780 (For the best results, be in the presence of the device/application prior to calling.)
Submit IT Ticket: uaptc.edu/it-ticket
Workday Support: uaptc.edu/workday
