Enterprise IT Standards and Procedures
Technology Management Standards
Policy: Technology Management Policy
Document: Technology Management Standards
Campus: MSU Bozeman
Revision: 1.3
Contact: Ryan Knutson, Chief Information Officer
[email protected]
These Standards establish minimum guidelines for management of devices connecting to MSU’s network as outlined in the University Technology Management Policy (http://www.montana.edu/policy/enterprise_it/technology_management.html).
Operating System Requirements
Devices connecting to the University network must be using a supported operating system for which security updates are still being released by the manufacturer.
Examples of where Information on supported Macintosh, Microsoft, Linux and other server
operating systems can be found below:
• Apple: https://support.apple.com/en-us/HT201222
• Windows: https://support.microsoft.com/en-us/help/13853/windows-lifecycle-
fact-sheet
• RHEL: https://access.redhat.com/support/policy/updates/errata
Software Maintenance Requirements
Software installed on University computers or attaching to the University wired or
wireless network should be up to date with vendor supported patches.
Examples of where Information on supported software can be found below:
• Microsoft: https://support.microsoft.com/en-us/lifecycle/selectindex
• Java: http://www.oracle.com/technetwork/java/eol-135779.html
• Adobe: https://helpx.adobe.com/support/programs/eol-matrix.html
• Red Hat: https://access.redhat.com/support/policy/update_policies
Desktop/Laptop Security Software Requirements
When a viable client exists, the following software packages must be installed and used on Desktops or laptops:
• Ivanti Endpoint Manager powered by LANDesk (for Windows computers)
• Microsoft Defender for Endpoint
• Spirion
• RJamf (for Mac computers)
Server Requirements
The following requirements apply to all MSU servers including production, test, development, and research servers:
• Must be managed by UIT system administrators
• Must be hosted in UIT datacenters or on UIT approved cloud services
• Must run a supported OS for which patches are regularly released
• All installed applications must be supported and regularly patched
• Where compatible, the following software must be installed:
- Microsoft Advanced Threat Protection
- Duo RDP/SSH
- Qualys
• Updates and vulnerability mitigations must be applied in accordance
with the vulnerability management standards
• Must be entered in the MSU Server Inventory system
• The following access controls must be implemented and maintained:
- Minimally permissive host firewalls
- Remote access restricted to appropriate VPNs
- Duo MFA protection (may be exempted on a case-by-case basis
by UIT Security)
- Login restricted to appropriate tier(s), per MSU’s tiered
access model
- LogRhythm access to system logs
• Where compatible, production MSU servers are to be backed up with a
UIT approved backup protocol
• Server hardware must be supported for firmware security updates
• Any storage of controlled or restricted information such as PII, CUI,
etc. must be approved by UIT and managed in accordance with the applicable additional
standards
• The purchase of any new servers or server applications must be approved
by UIT
• When a server is decommissioned, data must be securely erased per DOD
standards (physical systems) or properly deleted (virtual systems) and the system
must be removed from
or marked as decommissioned in all relevant integrations and documentation
(firewall exceptions, server inventory, DNS, Qualys, etc.)
• Exceptions to these requirements may be approved on a case-by-case
basis by the VP/CIO or a designated delegate thereof