All UMD-owned Windows, Mac, and Linux systems (laptops, desktops, and servers) must meet the following minimum requirements to protect UMD data and reputation. This document is not intended as a formal policy; it is a set of operational requirements that codify existing USM and UMD policies and security standards.
The requirements for devices are that they:
Must have a UMD Designated Non-Capital Asset (DNCA) or Capital asset tag (as appropriate based on price at acquisition).
DNCAs must have an accurate record for the asset in the DIT-operated ServiceNow HAMpro system including at least: asset tag number, serial number, manufacturer/model, date of purchase, IT unit responsible for support, and current primary user (e.g., assigned to field). No current primary user is required for shared devices such as a classroom computer or devices that are not in use (e.g., in storage). Capital assets must be listed in the Workday-based capital asset database.
Be running a supported (still receiving security patches) version of the operating system.
Have CrowdStrike Falcon installed and running.
Have Rapid7 InsightVM agent installed and running.
Have Jamf (Mac) or Intune (Windows) installed and operational.
Have whole-disk encryption, FileVault (Mac) and BitLocker (Windows), installed and enabled.
Authenticate users via DIT’s Active Directory/Entra/Kerberos/LDAP system (a mandate to migrate from AD to Entra will likely happen soon).
Have a SecureW2 network profile and security certificate installed.
Must have automated screen lock enabled if the device handles data at the High or Restricted data level under IT-2.
Must have GlobalProtect VPN software installed, and must use it, if the device is used to remotely access UMD services (from off the UMD network).
Many of these requirements are automatically installed and configured via Jamf and Intune and thus do not require user action. They are listed here to document the baseline requirements for UMD systems.
If systems can’t meet these requirements due to specific business requirements, a waiver must be on file with the DIT security office documenting the asset tag number and the reason(s) for the exception, as well as any required compensating controls.
Approved by the VP IT & CIO on 6/18/2026 under authority of UMD's Acceptable Use Policy (Policy X-1.00A).
This document will be revised periodically as security requirements and vendors change.