USG & Institute Requirements
For Faculty, Staff, Graduate Students, and Student Employees
A recent USG audit identified the need for significant improvements to Georgia Tech's existing endpoint security program, including increased enforcement and compliance across the Institute. President Cabrera has requested that campus leadership work with their respective teams to ensure full attention and participation in the endpoint compliance effort and other efforts related to data security and protection.
Based on USG recommendations and contractual obligations, Georgia Tech is implementing controls in the phases below.
*Please note that endpoint compliance information may differ for employees in GTRI. Any necessary changes will be communicated by GTRI's local IT department.
Georgia Tech's Endpoint Management & Protection Program ensures secure management of all Institute-owned endpoint devices, including desktops, laptops, tablets, and mobile phones. The endpoint program is supported within the Institute Strategic Plan's Data Excellence Initiative as a Security, Privacy & Risk strategy. Each Data Excellence strategy advances efforts to build a culture around data security and privacy at Georgia Tech.
Benefits of Endpoint Management & Protection
Protection against cyber threats
Simple self-service installation and updating of GT-licensed software
Centralized process for applying patches and making updates
Compliance with university system policy, as endpoint management tools are configured to push settings enabling automatic compliance with policy
Faster, and sometimes automated, issue resolution
Please note that many of these details are specific to IT professionals and those who self-administer their machines.
By August 31, 2021 - Complete
Disable Auto-Run and Auto-Play
Active Directory Group Policy will be configured to disable auto-run or auto-play technology. Auto-run and auto-play enable devices to automatically launch programs from external drives or media that are connected.
IT Staff - View the GPO that will Disable Auto-Run >
By September 15, 2021 - Complete
Endpoint management tools will enforce installation of Qualys Cloud Agent and Cortex XDR.
Users may notice new applications such as Cortex XDR (anti-malware) and Qualys (inventory and vulnerability scanning) on Institute-owned endpoint devices.
IT Staff - View Knowledge Articles on XDR and Qualys Enforcement >
By September 30, 2021 - Complete
Transition from FireEye to Cortex XDR
- Transition from FireEye anti-malware software to Cortex XDR
- Installation of endpoint management tools on Institute-owned devices for all departments with local IT support.
Phase 1 Completion
Compliance by December 31, 2021
Full Endpoint Compliance
- Installation of endpoint management tools on all Institute-owned devices (workstations, laptops, and servers), including those in departments without local IT support.
- Idle screen lock
- Patch management
- Host-based firewalls
- Log management
- Complete inventory of Institute-owned devices due (Departments will be able to upload inventory data into a SnipeIT reporting instance)
Knowledge Article - SnipeIT: Syncing Assets to the Roll up Instance>
Knowledge Article - SnipeIT Inventory Rollup Process>
Knowledge Article - SnipeIT - Rollup Attribute Requirement Details>
Each department is expected to upload their inventory data according to the reporting schedule below. The intent of having an incremental reporting schedule is to ensure consistent progress is made by each unit before the inventory deadline of December 31, 2021. A report will be generated at the end of each reporting period and communicated to Georgia Tech Leadership to report overall inventory progress. Please note that December 31, 2021 is the deadline for Georgia Tech to have completed its first centralized asset endpoint inventory based on the USG Endpoint Audit findings and proposed Management Response.
• Period 1: 9/3 - 9/17/21
• Period 2: 9/17 - 10/1/21
• Period 3: 10/1 - 10/15/21
• Period 4: 10/15 - 10/29/21
• Period 5: 10/29 - 11/19/21
• Period 6: 11/19 - 12/1/21
VPN Solution Transition
Phase 2 also includes the complete transition from the Cisco AnyConnect VPN to the GlobalProtect VPN solution. While many students, faculty, and staff already use the GlobalProtect client and web-based solution, this phase ensures that all AnyConnect users completely transition to GlobalProtect. The transition dates vary based on your role at Georgia Tech and are shared below:
- OIT System Administrators: 9/28/21
- CSRs/IT Community: 11/2/21
- Faculty/Staff/Employees: 12/21/21
- Students/All Others: 5/10/22
Phase 2 Completion
By July 31, 2022
- Network-based enforcement and controlled admission will be implemented for Institute-owned devices. This restricts access to Georgia Tech's network to Institute-owned endpoints with approved endpoint management and protection solutions installed.
- Mechanisms will also be developed to control admission of BYOD devices accessing the GT network and applications.
- Device encryption
- Administrative privileges
- Non-centrally managed email services (including but not limited to departmental email servers, email relay servers, email distribution servers, or third party email services or distribution services) are replaced by the use of Georgia Tech centrally managed email services or approved third-party email services
Phase 3 Completion
- Am I responsible for personally installing the endpoint tools on my device?
While you are responsible for ensuring your GT-owned device is secured, please work with your local IT professional(s) to accomplish this.
- What are the endpoint protection and management tools and what do they do?
The endpoint protection solutions are:
- Cortex XDR (currently sunsetting FireEye) - Modern anti-virus, threat detection and response. This blocks malware using both traditional signature-based and machine-learning-based engines. It enables Georgia Tech's Security Operations Center (SOC) within Cyber Security to detect, quarantine, investigate, and mitigate system threats.
- Qualys - Vulnerability detection. This detects software that is not patched and/or misconfigured and reports it to the SOC.
The endpoint management solutions are:
- SCCM/InTune - Windows endpoint and configuration management. Helps keep system parameters and software properly configured.
- JAMF - Apple endpoint and configuration management. Helps keep Apple system parameters and Apple software properly configured. Allows self-service installation of many GT-licensed and other software tools.
- SaltStack - Endpoint and configuration management. Helps keep system parameters and local software properly configured for Windows, Mac, and Linux.
- Which endpoint tools are required?
The endpoint protection solutions, Cortex XDR and Qualys, are required for all machines, and the appropriate management agent is required based on the device type: SCCM/InTune for Windows, JAMF for Mac, and SaltStack for Linux.
- What about GT-issued mobile phones and tablets?
GT-owned mobile devices and tablets must be enrolled in endpoint management and secured by encryption with PIN/password.
- Are these tools "Big Brother spyware" that track everything I do online using my GT equipment?
- Where can IT professionals find more information?
A series of knowledge base articles is shared on ServiceNow at Services.gatech.edu.