Policy
Policy Bookmark Anchor

Original Issuance Date: February 17, 2022

Last Revision Date: January 19, 2023

Effective Date: February 17, 2023

1. Policy Purpose
1. Policy Purpose Bookmark Anchor

The purpose of this policy is to provide structure for the deployment and management of endpoint protection systems and controls used to mitigate Information Security (IS) threats throughout the University of Wisconsin (UW) System.

2. Responsible UW System Officer
2. Responsible UW System Officer Bookmark Anchor

Associate Vice President for Information Security

3. Scope and Institutional Responsibilities
3. Scope and Institutional Responsibilities Bookmark Anchor

This policy applies to all UW System institutions, including UW System Administration.

This policy identifies the requirements for the installation and use of endpoint protection controls on all UW System owned or leased endpoints, irrespective of funding source and where technically feasible, that store or process data used to accomplish University research, teaching, learning, operations, or administration.

4. Background
4. Background Bookmark Anchor

The President of the University of Wisconsin System is empowered to establish information security policies under Regent Policy Document 25-5, Information Technology: Information Security. The UW System is committed to a secure IT environment in support of its mission.

The endpoint protection requirements described within this policy are designed to help ensure satisfactory and consistent practices to address and mitigate persistent IS threats posed by the presence of malicious and/or undesirable software on UW System institution owned or leased endpoints.

5. Definitions
5. Definitions Bookmark Anchor

Please see SYS 1000, Information Security: General Terms and Definitions, for a list of general terms and definitions. Terms and definitions found within this policy include:

  • Endpoint
  • Malware

6. Policy Statement
6. Policy Statement Bookmark Anchor

  1. Required Endpoint Activities
    Any UW owned or leased endpoints assigned an active IP address must:
    1. Be protected against malware by host-based and institutionally managed malware protection software;
    2. Maintain supported operating systems;
    3. Limit operating system and application access rights to the minimal level necessary for the end user to perform their job duties; and
    4. Employ controls to prevent unauthorized physical and logical access.

7. Related Documents
7. Related Documents Bookmark Anchor

Regent Policy Document 25-3, Acceptable Use of Information Technology Resources

Regent Policy Document 25-5, Information Technology: Information Security

UW System Information Security Program

UW System Administrative Policy 1000, Information Security: General Terms and Definitions

UW System Administrative Procedure 1036.A, Information Security: Endpoint Protection Standard

8. Policy History
8. Policy History Bookmark Anchor

Revision 1: January 19, 2023

First approved: February 17, 2022

9. Scheduled Review
9. Scheduled Review Bookmark Anchor

February 2027