As defined by our Policy & Standards, the following Minimum Security Standards apply to all users and all devices connected to the UCI Network or accessing UCI Information. Examples of endpoints include desktops, laptops, servers, tablets and other mobile devices.
| Standard | What to do |
| Anti-Malware | Install anti-malware software running up-to-date definitions. UCI recommends Microsoft Defender for Windows.
Perform real-time protection and regular full scans. |
| Backup and Recovery | Make sure your institutional information is backed up incrementally daily and a full backup weekly. Test your backup recovery monthly.
Protect your backups based on the classification level of the information contained. |
| Host-Based Firewall | Run host-based firewall software configured to block all inbound traffic that is not explicitly required for the intended use of the device. |
| Password/PIN Lock | Secure devices with a strong password, PIN, smart card or biometric lock. |
| Patching | Use automatic updating or connect to your IT department patching and upgrade service.
Apply supported security patches to all operating systems and applications as soon as possible. Critical and high-risk vulnerabilities must be patched within 14 days, other patches must be applied within 30 days. |
| Physical Security | Use physical security cables to protect against theft or loss of valuable information from your workplace or vehicle.
Lock devices in a cabinet at the end of the day/shift. |
| Portable Device Encryption | Device-level encryption is required for all portable devices. |
| Separation of Non-Privileged and Privileged Accounts |
Use non-privileged user accounts. Only elevate to root or Administrator when necessary. |
| Session Timeout |
Use screen lock mechanisms or session timeout to block access after a defined period of inactivity (15 minutes).
Enable inactivity timeout on portable computing devices. Use TMOUT or another method to automatically logout on LINUX or UNIX. |
| Supported Operating Systems |
Run a version of the operating system that is supported by the vendor and current security patches are still available. |
Additionally for University funded/owned endpoints
| Standard | What to do |
| Endpoint Detection & Response (EDR) | Part of the UC Threat Detection and Identification (TDI) program Contact your IT dept to ensure the UCI standard EDR software is installed on your endpoints |