...
All systems must be in a supported state. Devices, computers, software that is EOL (end of life) and no longer receiving regular vendor security patches should be upgraded or replaced. If this is not possible, systems will be isolated from the University computing environment.
Default accounts and passwords shall be disabled or changed before placing the resource on the network. If you have a vendor installing devices on the network you should include this requirement in your statement of work.
All systems shall be configured to provide the least functionality to meet the need, only essential capabilities should be enabled (i.e. restricting the use of unnecessary ports, protocols, or services).
Deploy antivirus and anti-malware solutions on all computers, including servers, desktops, and laptops to protect against malware and other threats. Systems must also run asset management, patch management, have encryption enabled, and other LTS required tools.
LTS will maintain guidelines for life cycle for standard equipment (switches, servers, workstations, etc).
The CISO or designee may grant exceptions to the standard to avoid business interruptions, assuming mitigating controls can be put in place.
...