UCF Computer Standards

This page contains general standards for workstations and mobile devices in compliance with UCF security policies and best practices. These standards describe what departments should be doing to protect computer systems against attack and loss of data.

Common Computing Standards For All Systems And Devices

  • User account passwords must be changed at least once every 60 days
    • Use a strong password containing six or more characters composed of letters, numbers, and symbols
  • Enable screen lock-out or automatic account time-out on your systems and devices that activates after 10 to 15 minutes of idle time
    • General classroom computers may be set for a longer time period, but should not be longer than 30 minutes.
    • High-traffic, publicly accessible computers may be set to a short time period, such as 5 minutes.
  • Set a BIOS password to prevent alteration of boot-up procedures
  • All computing devices with firewall capabilities must have the firewall enabled, with only specific protocols allowed depending on the applications running on them. There may be exceptions, such as Microsoft Domain Controllers, because everyone needs to connect to them. Database servers must be firewalled, with only specific access granted to them
    • Major operating system vendors provide firewall software at no cost:
      • Windows firewall
      • Mac firewall
      • *nix IP filters
  • All data on computing devices must be erased before the device is transferred or surplused.
  • Disable unnecessary protocols, such as NetBIOS, IPv6, etc. Enable only what is necessary and required.
  • Disable any unused wireless communication technologies (i.e. Wi-Fi, Bluetooth, infrared) on devices
  • In general, for end-user devices, configure them to automatically receive and install operating system and application updates from our local sources
  • Run the latest compatible OS version
  • Install the latest compatible security updates and patches
  • Remove administrative privileges from user accounts
  • Make frequent backups of your data. Securely store the data. Encrypt the data when at rest.
    • Encryption is required for restricted data
    • Have a plan for regularly testing your backups for integrity.
  • Enable system auditing
    • System logs generated by server services must be kept for at least 6 months in the event of an investigation
  • Only transmit restricted data using secure methods, such as SSL, SSH, etc.
    • Refer to the Data Classification Policy
    • Do not transmit restricted data over insecure protocols such as e-mail, ftp, http, or telnet.

Common Guidelines For All Systems and Devices

  • All computing devices must have up-to-date antivirus software.
  • Depending on the business reason for having restricted data on a PC or mobile device, restricted data must be protected by disk encryption technologies. Storage of restricted data on a mobile computing device must be approved in writing by the employee’s dean, director, or vice president and based on a legitimate business need.
    • Care must be taken to protect the access keys and passwords needed to recover data and information
  • Asset recovery software is strongly recommended for end-user mobile devices. In the event of a theft, the use of such technology enables authorities to locate and retrieve the device(s).

Standards for Mobile Devices

  • Storage of restricted data on a mobile computing device must be approved in writing by the employee’s dean, director, or vice president and based on a legitimate business need. Follow the guidelines above for proper protection of restricted data.
  • VPN technologies, i.e. the UCF Virtual Private Network (VPN), must be used when accessing restricted resources from insecure networks such as publicly accessible wireless hotspots or public Internet service providers (ISPs).

Windows Workstation Standards

  • Do not save restricted data on workstations
    • Refer to the UCF data classification policy 4-008 at http://policies.ucf.edu
    • If there is a strong business reason for having restricted data on a workstation, restricted data must be protected by disk encryption technologies.
  • Limit share permissions to only intended users.
  • Maintain a patch management plan