Content Comparison

Authentication is required to access systems

Enterprise Directory Services (SSO) is required for authentication

☑

Two-Factor authentication (2FA) is required for users to access systems

☑

Two-Factor authentication (2FA) is required for privileged access to systems

Two-Factor authentication (2FA) is required for all remote access solutions

All passwords must meet Password Standard

Manage passwords for privileged Service Accounts in password vault

Manage passwords for privileged Shared Application Accounts in privileged access management tool

Manage passwords for Shared Application Accounts with non-privileged access in password vault

Use of restrictive VPN that requires use of a University Devices to conduct privileged access

Two-Factor authentication (2FA) required for non-local maintenance solutions. Individuals must actively accept remote sessions.

Access granted on principle of Least Privilege

Review accounts annually and remove individuals who no longer require access

☑

Implement host-based firewalls to block all inbound traffic not required for use of computer and/or server

Computer must use session lock after 15 min of inactivity

☑

Physically secure servers within a University Data Center

☑️

☑️

Physically secure servers within Secure Server Room

Backup media must be secured from unauthorized physical access

Printer securely configured in a restricted-access location with authorized person available to receive printout immediately, or printer is password-protected

⬜

⬜

Server housed in University Data Center whole-disk encrypted

⬜

⬜

⬜

Server housed in server rooms whole-disk encrypted

☑

Server not in server room/device whole-disk encrypted

Development and testing environments of systems storing data are separate from production environment

☑

☑