Campus policies related to computers
Detailed below are UMD Policies that members of the Campus Community are required to abide by. The Engineering IT Service Desk is responsible for implementing these policies to the best of our ability.
The following two links offer detailed explanations of the University's, and the University System of Maryland's, policies. They are further summarized below.
UMD's Information Security Standards
Information on Designated Non Capital Assets
At a practical level, these policies lay out the following:
- Your responsibilities as a member of the UMD Community are as follows and are further detailed at our Support Options - Engineering, Math, Physics article:
- According to the CIO of UMD, "remember that your UMD owned device should only be used for the purposes of performing UMD duties related to your role. Other personal digital activities such as reading/sending personal email, online banking, or the viewing of non-work related videos must be done on a personally owned device."
- Ensuring your device is receiving the latest security updates/patches
- Computers must be centrally managed and operating systems used must be supported by the vendor. If this is not the case, a written exception must be granted by the Division of IT.
- For computers that are centrally managed, you will be expected to reboot the machine at least monthly to ensure security patches, approved by Campus and EIT, take effect. Note that the central management will require rebooting and it is to your benefit for you to pick the time rather than it being forced on you.
- For computers granted an exception by DivIT to not be centrally managed, you are then solely responsible for ensuring security patches to operating systems and applications are kept up to date.
- Physical security
- Keep devices and equipment in locked areas.
- Do not leave portable devices unattended.
- Disposal of old equipment and devices
- University-owned Equipment MUST be disposed of through the appropriate, and required, process to ensure data security is maintained. Contact EIT (eit-help@umd.edu, x51634) for disposal of old devices.
- University-owned Equipment MUST be disposed of through the appropriate, and required, process to ensure data security is maintained. Contact EIT (eit-help@umd.edu, x51634) for disposal of old devices.
- According to the CIO of UMD, "remember that your UMD owned device should only be used for the purposes of performing UMD duties related to your role. Other personal digital activities such as reading/sending personal email, online banking, or the viewing of non-work related videos must be done on a personally owned device."
- Inventory Management
- All desktops, laptops, servers, tablets, and cell phones owned or leased by UMD must be tagged and put into inventory. Any devices that cost less than $5,000 are considered DNCA. Any devices over $5,000 are considered capital assets.
- Engineering IT Operations is acting as the asset specialist for DNCA. The asset comes to us first to be tagged and configured.
- All desktops, laptops, servers, tablets, and cell phones owned or leased by UMD must be tagged and put into inventory. Any devices that cost less than $5,000 are considered DNCA. Any devices over $5,000 are considered capital assets.
- Software that is installed by default from Campus or Engineering IT:
- Clearpass OnGuard network authentication
- This is required by the Division of Information Technology for all UMD owned computers.
- This is required by the Division of Information Technology for all UMD owned computers.
- Crowdstrike anti-virus
- This is required by the Division of Information Technology for all UMD owned computers.
- This is required by the Division of Information Technology for all UMD owned computers.
- Insight VM
- This will be required in the near future by the Division of Information Technology to ensure that all computers are up to date on patches.
- This will be required in the near future by the Division of Information Technology to ensure that all computers are up to date on patches.
- Lansweeper
- This is used by Engineering IT for inventory purposes to help meet DNCA requirements.
- This is used by Engineering IT for inventory purposes to help meet DNCA requirements.
- MakeMeAdmin (Windows) or Privileges (Mac)
- In required situations, this allows authorized users to elevate privileges for a brief period of time to install software or make configuration changes. Running as a privileged user on a regular basis is not allowed by the Division of IT.
- In required situations, this allows authorized users to elevate privileges for a brief period of time to install software or make configuration changes. Running as a privileged user on a regular basis is not allowed by the Division of IT.
- Central management and authentication
- This is required by the Division of Information Technology for all UMD owned computers.
- Macs
- JAMF for management and JAMF Connect for UMD authentication
- Self service installation
- Security patches
- Configuration
- Windows
- AD/InTune for management and UMD authentication
- Self service installation
- Security patches (Ninite for 3rd party apps)
- Configuration
- Linux
- Glue Linux
- Kerberos for UMD authentication
- Puppet for management
- Security patches
- Configuration
- Non-Glue Linux
- LDAP/Kerberos for UMD authentication
- Puppet or Ansible for management
- Security patches
- Configuration
- Glue Linux
- Clearpass OnGuard network authentication