Campus policies related to computers

What are the campus policies related to computers?

Here is a link to the campus policies related to computers and a second link for designated non-capital assets (DNCA).

https://it.umd.edu/about-dit/governance/it-policies-standards-guidelines/standards

https://finance.umd.edu/asset-management/designated-non-capital-assets

Here are specific requirements at a practical level.

  • Customer responsibilities
    • Patching computers
      • Operating systems that are not supported by the vendor are not allowed unless a written exception has been granted by the Division of IT.
      • If computers are managed by EIT, reboot the machine monthly to ensure patches take effect.
      • If computers are not managed by EIT, apply patches to operating systems and applications to keep machines up to date.
    • Physical security
      • Keep devices and equipment in locked areas.
      • Do not leave portable devices unattended.
    • Disposal of old equipment and devices
      • There is a required process to follow.  No one is permitted to dispose of devices through any other process. 
      • Contact EIT (eit-help@umd.edu, x51634) for disposal of old devices.  There are procedures that must be followed to manage inventory and to ensure any sensitive data is not exposed.
  •  Inventory
    • All desktops, laptops, server, tablets, and cell phones owned or leased by UMD must be tagged and put into inventory.  Any devices that cost less than $5,000 are considered DNCA.  Any devices over $5,000 are considered capital assets.
    • Engineering IT Operations is acting as the asset specialist for DNCA.  The asset comes to us first to be tagged and configured.
  • Software EIT installs
    • Clearpass OnGuard network authentication
      • This is required by the Division of Information Technology for all UMD owned computers.
    • Crowdstrike anti-virus
      • This is required by the Division of Information Technology for all UMD owned computers.
    • Insight VM
      • This will be required in the near future by the Division of Information Technology to ensure that all computers are up to date on patches.
    • Lansweeper
      • This is used by Engineering IT for inventory purposes to help meet DNCA requirements.
    • MakeMeAdmin (Windows) or Privileges (Mac)
      • In required situations, this allows authorized users to elevate privileges for a brief period of time to install software or make configuration changes.  Running as a privileged user on a regular basis is not allowed by the Division of IT.
    • Central management and authentication
      • This is required by the Division of Information Technology for all UMD owned computers. 
      • Macs
        • JAMF for management and JAMF Connect for UMD authentication
        • Self service installation
        • Security patches
        • Configuration
      • Windows
        • AD/InTune for management and UMD authentication
        • Self service installation
        • Security patches (Ninite for 3rd party apps)
        • Configuration
      • Linux
        • Glue Linux
          • Kerberos for UMD authentication
          • Puppet for management 
          • Security patches
          • Configuration 
        • Non-Glue Linux
          • LDAP/Kerberos for UMD authentication
          • Ansible for management
          • Security patches
          • Configuration

Keywords:
security inventory 
Doc ID:
124737
Owned by:
Jeff M. in Engineering IT
Created:
2023-03-10
Updated:
2025-03-12
Sites:
University of Maryland Engineering IT