What is the Computer Security Policy?
The security policy is a set of requirements to help UNLV maintain a safe computing environment on campus. The policy requires that all computers at UNLV be protected by a password to gain access to the computer; all computers have an antivirus application actively running and maintained with current definitions from the software publisher; all operating systems must have all security patches released applied; all computers must engage a lock screen after a period of time, which requires a password to be used to gain access to the computer.
Why is the Computer Security Policy being implemented?
The policy is being implemented as a result of guidance provided through the NSHE Security Audit conducted in the Spring of 2011. The security audit directs UNLV to adhere to the NSHE Procedures and Guidelines manual (PGM). The policy also supports industry best practices.
What is a UNLV computer?
Any university-issued desktop or laptop, listed as property of UNLV/NSHE on the university inventory list, regardless of whether the desktop or laptop is properly labeled or tagged as such.
How will the Computer Security Policy affect my daily work at UNLV?
OIT will start helping to manage security updates on campus computers we support, as well as ensuring anti-virus is running and up to date. Watch for more information regarding UNLV Smart Computing. You will need to ensure your passwords are secure, changing them as needed. You also need to set up your computer to time out and lock the screen if you are not using it. They can be configured to lock after 15 minutes of inactivity to meet this requirement, and you can lock your screen manually any time you walk away from your computer. After locking, you will need to log back in to continue use.
What if I cannot adhere to the policy?
You can ask for policy exceptions by completing the Policy Exception Form. If your computer is granted an exception from the Computer Security Policy, you will have the responsibility of maintaining the security of the computer, and the data on it, to the same levels as the policy requires. Exceptions may be necessary in the case of special applications or other business or research needs.
Some devices are exempt from the policy by default because they are unable to technically meet these requirements. If you are using such a device, you are still responsible for maintaining security of the device and the data on it. Examples of such devices currently include, but are not limited to, iPads and Blackberries.
I am running Linux/UNIX on my computer, how does the Computer Security Policy affect me?
If your machine is running Linux/UNIX you must maintain your computer to the same level as expected for OIT to maintain all other computers on the campus.
My computer contains an antivirus application that is not maintained by OIT, how does the Computer Security Policy affect me?
If you’re using another application besides Symantec you will need to keep the definitions up-to-date.
My lab computers are not connected to the network, how does the Computer Security Policy affect me?
Even though your computer is not connected to the network, you were still expected to maintain your computer to the same level as the Computer Security policy requires.
How can I create a strong password?
Your password must be twelve or more characters in length and include at least three of the four types of characters: upper case letters, lower case letters, symbols and numbers. Some examples of strong, secure passwords are below (please create your own and do not use these):