
Secure Computing Project

Project overview

The CU Boulder campus is adopting baseline security standards for university-owned computers and servers that will be implemented over time. In order to better ensure the integrity of the shared information technology environment on our campus, these standards will help address the following challenges:

  • Increase the security of university computing assets including data.
  • Reduce risk to university intellectual property.
  • Drive enterprise effectiveness and reduce risk of software audits.
  • Provide support to a broad set of employees.
  • Maintain employee flexibility in their technology to conduct their teaching, research, and creative work.

Why does CU Boulder need computer and server standards?

  • The complexity, speed and number of cyber threats are increasing and colleges and universities are being targeted by aggressive cyber attacks.
  • We need to better support hybrid teaching, learning and work in a secure manner.
  • A security disparity exists between those whose devices are managed by campus IT professionals and those that are not.
  • We must advance campus technology in a manner that keeps a CU Boulder education affordable and attainable for a robust and diverse student body.

These changes are among a number of significant changes CU Boulder is making to create a hybrid-smart IT environment for the campus. Learn more about these changes on the OIT Major Projects & Service Direction page.

Computer standard

To ensure the integrity of the shared information technology environment, all university-owned computers will need to meet these computer standard requirements:

  1. Run current, supported software; unsupported or end-of-life software is prohibited.
  2. Be enrolled in Microsoft Endpoint Configuration Manager (Windows computers) or Jamf (Mac computers).
  3. Be encrypted with whole disk encryption.
  4. Run Microsoft Defender for real-time scanning to prevent, detect, and remove malware or potential vulnerabilities.
  5. Gather and send hardware and software information to central inventory for vulnerability tracking, network identification, and audit preparedness.
  6. Use OIT supported and approved enterprise cloud storage solutions to back up and protect University data from loss.
  7. Have the campus public safety emergency notification client installed.

* Exceptions: If a compelling business reason exists, exceptions to standards may be granted by the Provost and Executive COO in consultation with the Sr. AVC/CIO.

View the Secure Computing Standard for Computers

Server standard

A university server is considered any physical, virtual, or cloud-based device that manages network resources and is owned by the university or connected to a university-owned network. To ensure consistent application of protections and adherence to the CU baseline security requirements, campus servers will need to meet these server standard requirements:

  1. Run current, supported software; unsupported or end-of-life software is prohibited.
  2. Provide role-based access control.
  3. Log authentication and authorization events.
  4. Be enrolled in the campus anti-malware and detection and response application; mitigate potential vulnerabilities.
  5. Be enrolled in the campus vulnerability scanning solution or an approved equivalent.
  6. Apply security updates in compliance with the Identification and Management of Security Flaws in IT Systems Standard.
  7. Ensure the server is backed up on at least a weekly basis; backups must be encrypted, and a minimum of 30 days of backups must be kept.
  8. Ensure an active stateful firewall is operational at all times, with a ruleset that is audited and updated on a semi-annual basis.
  9. Maintain up-to-date system ownership and management contacts with OIT.
  10. Maintain custom-developed applications and assess them for vulnerabilities.

* Exceptions: If a compelling business reason exists, exceptions to standards may be granted by the Provost and Executive COO in consultation with the Sr. AVC/CIO.

View the Secure Computing Standard for Servers

How will this affect me?

Learn more about how this project will better protect computers and servers that you use or support:

Faculty and Staff
  • This software will better protect data stored on your computer and in the cloud by providing vulnerability scanning, protection against unauthorized access to files on your computer, automatically deployed software and operating system updates, and antivirus and malware protection.
  • Starting in late 2022, departments will be provided with the capability to order new computers that will be fully compliant with the standards.
  • In 2023, departments will be provided with the capability to bring pre-existing computers up to date to meet the standards.
Research Institutes' Faculty and Staff
  • Both computer and server standards will apply to Research Institutes. The timeframe for adoption and compliance will begin in the second half of 2022.
  • All servers on a campus network that are used by a CU-governed campus organization must be aligned with the standards for servers.
IT Support Professionals
  • Starting in late 2022, departments will be provided with the capability to order new computers that will be fully compliant with the standards.
  • In 2023, departments will be provided with the capability to bring pre-existing computers up to date to meet the standards.
  • Support teams (Department IT Practitioners, Buff Techs, etc.) will be provided with support documentation and tools to help bring their customer bases up to the defined standards.
Server Administrators
  • All servers on a campus network that are used by a CU-governed campus organization must be aligned with the standard for servers.
  • By July 29, 2022, all Windows-based servers must have Microsoft Defender configured to report status.
Marketplace purchasers
  • Starting in late fall of 2022, computers purchased through the CU Marketplace will include software that allows for the device to meet baseline security standards for university-owned computers.
Student Organizations
  • All servers on a campus network that are used by a CU-governed campus organization must be aligned with the standard for servers. This includes servers that are used by CU Boulder student organizations.
  • By July 29, 2022, all Windows-based servers must have Microsoft Defender configured to report status.

Contact Us

If you have project-related questions, send an email to oitfeedback@colorado.edu with Secure Computing Project in the subject line.