SUBJECT:

Enhanced Minimum Computer/Network Security Standards

Three years ago we announced the first set of UCSD's minimum network security standards. Since then, significant progress has been made to protect the campus information technology infrastructure, but hackers have also stepped up their level of sophistication and are still posing significant threats to our data and networks.

Today we are announcing a new set of enhanced minimum standards that address security requirements for specific computing activities. For detailed information please see:
http://blink.ucsd.edu/go/networkstandards

The new standards have minimal impact on most desktop and laptop computers that already meet the current standards. However, the impact of the new standards is much more significant for computing servers and for devices that interact with sensitive or private data.

We encourage you to review the standards immediately and implement them as soon as possible in coordination with your departmental system administrators. However, because the impact of these standards is broad, a somewhat longer implementation period has been created within the standard. Devices which do not meet the appropriate requirements within the timeframes outlined in the standards will be subject to immediate disconnection from the UCSD network. Exceptions to the minimum standards will be approved on a case-by-case basis and will require alternative security actions.

Questions about this policy can be sent to: computingpolicies@ucsd.edu and questions about this announcement should be addressed to Gabriel Lawrence, UCSD Data & Network Security, at glawrence@ucsd.edu or (858) 822-3785.

Steven W. Relyea Vice Chancellor - Business Affairs David Miller Associate Vice Chancellor - Academic Planning and Resources