MSSND: How to Secure Devices

A knowledge base article about MSSND: How to Secure Devices provided by the UC Berkeley IT Service Hub - Knowledge Portal

https://security.berkeley.edu/education-awareness/mssnd-how-secure-devices




Device Security

If you have a personally managed Windows, Mac, iOS or Android device that needs to comply with MSSND requirements, follow the step-by-step instructions below to configure your device to meet campus policy.

MSSND #1: Patching and Updates 

Supported Operating System:

Upgrade your Windows or Mac desktop or laptop devices to the latest operating system version to take advantage of built-in security features.


Updates:

Keep your Windows, Mac, Android and iOS mobile devices up to date.


Supported Software:

The software that is installed on your computing devices (e.g., Microsoft Office) must be actively receiving security updates from the vendor.

For Open Source applications, software must be actively maintained by developers with timely security release updates for any reported vulnerabilities.

Software such as Google Chrome, Firefox, Microsoft Office and Zoom should be kept up to date by following update prompts.


MSSND #2: Anti-malware Software

Enable built-in anti-malware features.


MSSND #3: Host-based Firewall Software

Turn on the built-in host-based firewall for your Windows or Mac desktop or laptop computing devices. 

Enable Firewalls:

Log Firewall Activity:


MSSND #4: Use of Authentication

There are no actions needed for this requirement. 



MSSND #5: Passphrase Requirements

  • Passphrases and PINs must be sufficiently complex. Guidelines can be found here

  • Passphrases must be unique across all accounts, including personal accounts (e.g., do not reuse your CalNet passphrase on your social media accounts).

  • Passphrases must not be shared.

  • Each individual on a system should have their own unique user account and passphrase. 

  • Passphrases and associated data such as account recovery secrets should be stored securely using a Password Manager.

  • Do not store passphrases unencrypted (e.g., in email, in a plain text file, or written on a sticky note next to your desk).

  • For secure passphrases, ISO recommends setting Account Lockout Policies to prevent brute-force password login attacks. 


MSSND #6: Device Lock-out

Set your devices to lock the screen after 15 minutes of inactivity. 




MSSND #7: Unnecessary Services

There are no actions needed for this requirement. 



MSSND #8: Remote Access Services

If you need remote access to your system from off campus, use an Approved Campus Remote Access Service or use Unit-approved Remote Access Services that meet the MSSND #8 Guidelines.



MSSND #9: Privileged Accounts

Do not assign Administrator privileges to the login account that you use for day-to-day activity on your Windows or Mac devices.  Create a separate Administrator account to be used only when elevated privileges are needed.
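
The following script is an added example, not part of the original article or of any campus tooling: it audits a personally managed Mac against MSSND #3 (firewall on), MSSND #6 (15-minute lock) and MSSND #9 (day-to-day account is not an Administrator). The function names are hypothetical, the expected `socketfilterfw` output wording is an assumption, and the idle-time check assumes the screen saver is set to require a password.

```bash
#!/usr/bin/env bash
# Added example: audit a Mac against MSSND #3, #6 and #9.
# Each check_* function takes raw command output as its argument, so the
# logic can be exercised with constructed samples on any system.

MAX_IDLE_SECONDS=900   # MSSND #6: lock after 15 minutes of inactivity

# MSSND #3: assumes socketfilterfw reports "Firewall is enabled. (State = N)".
check_firewall() {
  case "$1" in
    *"is enabled"*) return 0 ;;
    *) return 1 ;;
  esac
}

# MSSND #6: idle time in seconds; 0 (never), unset or non-numeric fails.
check_idle_time() {
  case "$1" in
    ''|*[!0-9]*) return 1 ;;
  esac
  [ "$1" -gt 0 ] && [ "$1" -le "$MAX_IDLE_SECONDS" ]
}

# MSSND #9: the login account must not be in the macOS "admin" group.
# $1 is the space-separated group list printed by `id -Gn`.
check_not_admin() {
  for g in $1; do
    [ "$g" = "admin" ] && return 1
  done
  return 0
}

mssnd_audit() {
  local failed=0
  check_firewall "$(/usr/libexec/ApplicationFirewall/socketfilterfw --getglobalstate 2>/dev/null)" \
    || { echo "FAIL MSSND #3: host-based firewall is not enabled"; failed=1; }
  check_idle_time "$(defaults -currentHost read com.apple.screensaver idleTime 2>/dev/null)" \
    || { echo "FAIL MSSND #6: idle time is not 15 minutes or less"; failed=1; }
  check_not_admin "$(id -Gn)" \
    || { echo "FAIL MSSND #9: $(id -un) has Administrator privileges"; failed=1; }
  [ "$failed" -eq 0 ] && echo "PASS: MSSND #3, #6 and #9 checks"
  return "$failed"
}

# Run the audit only on macOS; elsewhere the functions are just defined.
if [ "$(uname -s)" = "Darwin" ]; then
  mssnd_audit || echo "This device needs changes before it meets MSSND."
fi
```

Run it from Terminal while logged in to the account you use for day-to-day work, since the MSSND #9 check inspects the current user.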


Add a non-administrator account: