To protect the RIT community and the Institute network from computer-borne threats, RIT has created minimum security requirements for desktop and laptop computers.
Desktop and Portable Computer Standard
Current Desktop/Portable Computer Standard (reflects 2015 operational changes, supersedes previous version, effective 1/23/15)
What does it apply to?
- All RIT-owned or leased computers.
- Any computer (physical or virtual) connecting to the RIT network through a physical, wireless, dial-up, or VPN connection.
The standard is not required for:
The following devices should employ these controls to the extent possible commensurate with the risk of the information that is accessed or stored on them.
- Computers used only to access RIT web pages, Webmail, etc. from off campus. (RIT strongly recommends that users follow the requirements of the standard on all computers.)
- Mobile devices (tablets, cell phones), pagers, PDAs, copiers and other special purpose devices that connect to the Institute network solely through Web, portal, or application access.
Storage of Private information is prohibited on these devices.
What's new with the 2015 standard?
The key changes that impact end users are around encryption and managing Private Information. All systems (laptop or desktop) that access Private Information will be encrypted. (Previously, all laptop computers were encrypted, regardless of whether or not they accessed Private Information.) At the discretion of your deans and vice presidents, any systems (laptop or desktop) that do not access Private Information and that report no unprotected matches in the Identity Finder scan reports may have encryption removed. (You will still need to run monthly Identity Finder scans and remediate any unprotected matches.)
Note that lab computers and grant-funded computers that don’t access Private Information are not required to run Identity Finder. If you have any questions about whether a computer is required to run Identity Finder or about encryption requirements in your area, contact your PIMI rep.
What do I need to do?
- The Desktop and Portable Computer Checklist: General User is the quickest way to check if you comply with the security requirements.
- The Desktop and Portable Computer Checklist ITS-Supported Users is designed for users whose department is supported by ITS.
- A Desktop and Portable Computer Checklist: Systems Support is available systems support personnel to ensure supported users comply with the standard.
- Use our Securing your Computer page to find the required software and supporting documentation for the Desktop Standard.
- Our Digital Self Defense Workshops provide a basic introduction to information security issues and include interactive simulations that let you practice using the required software in a safe environment.