Pursuant to University System of Georgia (USG) policy, Section 5.8, all USG organizations must implement endpoint security by “deploying tools that add a layer of security to devices connecting to networks that may otherwise make them vulnerable to cyber attacks.”
USG & Institute Requirements
For Faculty, Staff, Graduate Students, and Student Employees
A recent USG audit yielded the need for significant improvements to Georgia Tech’s existing endpoint security program, including increased enforcement and compliance across the Institute. President Cabrera has requested that campus leadership work with their respective teams to ensure full attention and participation in the endpoint compliance effort and other efforts related to data security and protection.
Based on USG recommendations and contractual obligations, Georgia Tech is implementing controls in the phases below.
*Please note that endpoint compliance information may differ for employees in GTRI. Any necessary changes will be communicated by GTRI’s local IT department.
Georgia Tech’s Endpoint Management & Protection Program ensures secure management of all Institute-owned endpoint devices, including desktops, laptops, tablets, and mobile phones. The endpoint program is supported within the Institute Strategic Plan’s Data Excellence Initiative as a Security, Privacy & Risk strategy. Each Data Excellence strategy advances efforts to build a culture around data security and privacy at Georgia Tech.
Benefits of Endpoint Management & Protection
- Protection against cyber threats
- Simple self service installation and updating of GT-licensed software
- Centralized process for applying patches and making updates
- Compliance with university system policy, as endpoint management tools are configured to push settings enabling automatic compliance with policy
- Faster, and sometimes automated, issue resolution
Please note the many of these details are specific to IT professionals and those that self-administer their machines.
By August 31 – Complete
- Disable Auto-Run and Auto-Play
Active Directory Group Policy will be configured to disable auto-run or auto-play technology. Auto-run and auto-play enable devices to automatically launch programs from external drives or media that are connected.
IT Staff – View the GPO that will Disable Auto-Run >
By September 15 – Complete
- Endpoint management tools will enforce installation of Qualys Cloud Agent and Cortex XDR.
- Users may notice new applications such as CortexXDR (anti-malware) and Qualys (inventory and vulnerability scanning) on Institute owned endpoint devices.
IT Staff – View Knowledge Articles on XDR and Qualys Enforcement >
By September 30 – Complete
- Transition from FireEye to Cortex XDR
Transition from FireEye anti-malware software to Cortex XDR Installation of endpoint management tools on Institute-owned devices for all departments with local IT support.
Phase 1 Completion
Compliance by December 31, 2021
Full Endpoint Compliance
- Installation of endpoint management tools on all Institute-owned devices (workstations, laptops, and servers), including those in departments without local IT support.
- Idle screen lock
- Patch management
- Host based firewalls
- Log management
- Complete inventory of Institute-owned devices due (Departments will be able to upload inventory data into a SnipeIT reporting instance)
Each department is expected to upload their inventory data according to the reporting schedule below. The intent of having an incremental reporting schedule is to ensure consistent progress is made by each unit before the inventory deadline of December 31, 2021. A report will be generated at the end of each reporting period and communicated to Georgia Tech Leadership to report overall inventory progress. Please note that December 31, 2021 is the deadline for Georgia Tech to have completed its first centralized asset endpoint inventory based on the USG Endpoint Audit findings and proposed Management Response.
• Period 1: 9/3 – 9/17
• Period 2: 9/17 – 10/1
• Period 3: 10/1 – 10/15
• Period 4: 10/15 – 10/29
• Period 5: 10/29 – 11/19
• Period 6: 11/19 – 12/1
VPN Solution Transition
Phase 2 also includes the complete transition from the Cisco AnyConnect VPN to the GlobalProtect VPN solution. While many students, faculty, and staff already use the GlobalProtect client and web-based solution, this phase ensures that all AnyConnect users completely transition to GlobalProtect. The transition dates vary based on your role at Georgia Tech and are shared below:
- OIT System Administrators: 9/28/21
- CSRs/IT Community: 11/2/21
- Faculty/Staff/Employees: 12/21/21
- Students/All Others: 5/10/22
Phase 2 Completion
By July 31, 2022
- Network-based enforcement and controlled admission will be implemented for Institute-owned devices. This restricts access to Georgia Tech’s network to Institute-owned endpoints with approved endpoint management and protection solutions installed.
- Mechanisms will also be developed to control admission of BYOD devices accessing the GT network and application.
- Device encryption
- Administrative privileges
- Sunsetting non-0365 mail servers
Phase 3 Completion
While you are responsible for ensuring your GT-owned device is secured, please work with your local IT professional(s) to assist you to accomplish this.