Minimum Security Guidelines for NIU Owned devices

Supported Operating Systems 

Last reviewed date 11.29.2021

• Windows 10/11 Enterprise versions that have not reached their end of service date. The university will also support Windows 8.1 until end of extended support January 10, 2023.
• Windows 2022 server and windows servers that have not reached their end of service/support date. That includes Windows server 2019, 2016, and 2012. 
• macOS 12 (Monterey) is recommended and supported. The university will support up to two previous versions: Big Sur (macOS 11) and Catalina (macOS 10.15)
• All other operating systems that the original vendor still releases security updates on a regular basis are permitted.
• All operating systems that have reached end of support and do not receive regular security updates from the vendor must be decommissioned unless an exception has been requested and approved by the CISO and CIO.

Anti-Virus / Anti-Malware Software

• DoIT staff recommend and support Microsoft Endpoint Protection to protect Windows devices against viruses and malware. The software and its threat definitions are automatically updated for any network-connected machine.
• Windows SmartScreen provides additional security.
• DoIT does not currently support Apple anti-virus software.

Local Firewalls

• Windows: Microsoft's built-in local firewall is enabled by default. DoIT has customized the default policies for additional security and for essential software access.
• Apple: The Mac OSX firewall is not enabled by default. DoIT recommends users enable the firewall. DoIT does not actively enable or monitor local Mac firewall policies.

Disk Encryption

• Windows: Policies have been created for Microsoft BitLocker implementation on NIU-owned mobile devices, but there is no NIU-wide enforcement of these policies.
• Apple: When desired, the built-in FileVault should be used to encrypt Mac laptops.
• Support from DoIT and administration of recovery keys is available for both BitLocker and FileVault.

Network Security

• Hard-lined devices and those on authenticated NIU Wireless adhere to strict security standards on both the network and client side. No NIU-owned devices should be connecting to NIU Guest wireless when it is possible to connect to NIU Wireless.

NIU Data Storage

• Every NIU employee has access to secure cloud storage with Microsoft OneDrive. Individual departments may also have access to network drives that are secured and maintained by DoIT.
• NIU data should never be stored on a personal device.

Administrator Privileges

• Users are not local admins on their machines by default. Users who require administrator access must have their supervisor's and DoIT's approval.

Software Installation

• Do not install software from unvetted sources.
• Use the same best practices for software installation as you would on an NIU-owned device.
• Inform your local IT support whenever you need additional software installed

Passwords

Passwords are critical to the security of your accounts, your devices, and the data you have access to. Below are some best practices regarding passwords.

• Never re-use you NIU password for personal Internet sites or services
• Never share your passwords
• Create long passwords or pass phrases of at least 16 characters. 
• Use multifactor authentication whenever possible
• Use a password manager to securely store and access passwords.  Though the University does not recommend any one solution, here are some examples of free password managers:
  • LastPass: https://www.lastpass.com/
  • KeePass: https://keepass.info/
  • Keeper: https://keepersecurity.com/