Secure Computing Project

OverviewComputer StandardServer StandardContact & FAQ

Project overview

In 2022, the CU Boulder campus adopted baseline security standards for university-owned computers and servers which are being implemented through the Secure Computing project. In order to better ensure the integrity of the shared information technology environment on our campus, these standards address the following challenges:

  • Increase the security of university computing assets including data.
  • Reduce risk to university intellectual property. ​
  • Drive enterprise effectiveness and reduce risk of software audits.
  • Provide support to a broad set of employees.
  • Maintain employee flexibility in their technology to conduct their teaching, research, and creative work.

Dell and Apple computers ordered through the CU Marketplace are loaded with the settings and software needed to meet the Secure Computing Standard. Learn more about the purchase and set-up process for newly purchased computers on the Secure Computing for CU Boulder webpage. Support information, designed for IT professionals, is on the Secure Computing - Information for IT Professionals page.

All other computers will need to be enrolled in the Secure Computing framework by October 2025 when Microsoft will no longer support the Windows 10 operating system and Apple will no longer support the Ventura operating system. In order to develop a plan for bringing all computers into compliance with the Secure Computing Standard by this date, each department needs to take an inventory of its computers and assess if the computer can be updated to a supported operating system.

Project timeline

July 2022: Secure Computing Standards are published
July 2023: Secure Computing compliant Macs and Dells available in CU Marketplace
May 2024: Macs previously purchased through CU Marketplace enabled for Secure Computing enrollment upon next reset
June 2024: Deadline for Defender for Endpoint to be installed on all university-owned computers and for all campus servers to be compliant with the Secure Computing Standard for Servers
July 2024: Start of departmental computer inventory and discovery phase for departmental Action Plan development
October 2025: Target for all campus university-owned computers to be compliant with the Secure Computing Standard.

Why does CU Boulder need computer and server standards?

  • The complexity, speed and number of cyber threats are increasing and colleges and universities are being targeted by aggressive cyber attacks.
  • We need to better support hybrid teaching, learning and work in a secure manner.
  • A security disparity exists between those whose devices are managed by campus IT professionals and those that are not.
  • We must advance campus technology in a manner that keeps a CU Boulder education affordable and attainable for a robust and diverse student body.

Computer standard

To ensure the integrity of the shared information technology environment, all university-owned computers will need to meet these computer standard requirements. Click the button below to review the full Computer standard policy. 

Secure Computing Standard for Computers

Server standard

A university server is considered any physical, virtual, or cloud-based device that manages network resources and is owned by the university or connected to a university-owned network. To ensure consistent application of protections and adherence to the CU baseline security requirements, campus servers will need to meet the requirements outlined on CU Boulder's policy page. 

Secure Computing Standard for Servers

How will this affect me?

Learn more about how this project will better protect computers and servers that you use or support:

Faculty and Staff
  • Secure Computing provided software will better protect data stored on your computer and in the cloud by providing vulnerability scanning, protection against unauthorized access to files on your computer, automatically deployed software and operating system updates, and antivirus and malware protection.
  • Through the CU Marketplace, departments can order new Dell and Apple computers that are fully compliant with the security standards.
  • Defender for Endpoint must be installed on all university-owned computers as of June 30, 2024.
  • Departments will be expected to make a plan to bring all its computers into compliance with the Computer Standard by October 2025. 
Research Institutes' Faculty and Staff
  • Both computer and server standards will apply to research institutes. The deadline for adoption and compliance will be October 2025.
  • Defender for Endpoint must be installed on all university-owned computers as of  June 30, 2024.
  • All servers on a campus network, that are used by a CU-governed campus organization, must be aligned with the standards for servers as of June 30, 2024.
IT Support Professionals
  • Through the CU Marketplace, departments can order new Dell and Apple computers that are fully compliant with the security standards.
  • Departments will be expected to make a plan to bring all its computers into compliance with the Computer Standard by October 2025.
  • Support teams (department IT practitioners, Buff Techs, etc.) will be provided with support documentation and tools to help bring their customer bases into compliance with the defined standards. 
Server Administrators
  • As of June 30, 2024, all Windows-based servers must have Microsoft Defender configured to report status.
  • By June 30 2024, all Linux-based servers must have Endpoint Detection & Response (EDR) software installed, either Crowd-strike or Microsoft Defender.
  • All servers on a campus network, that are used by a CU-governed campus organization, must adhere to the Secure Computing Standard for Servers as of June 30, 2024.
Marketplace purchasers
  • Starting in 2023, computers purchased through the CU Marketplace will include software and settings that allows for the device to meet the Secure Computing Standard  for university-owned computers.
  • Once a purchase has been entered into the Marketplace, the purchaser will receive an email with information on how to set up the new computer. If you ordered the computer on behalf of someone else, please forward the email to that person as it contains helpful information about initial configuration.
Student Organizations
  • By June 30, 2024, all Windows-based servers must have Microsoft Defender configured to report status.
  • All Windows-based servers on a campus network, that are used by a CU-governed campus organization, must be aligned with the standard for servers by June 30, 2024. This includes servers that are used by CU Boulder student organizations.

Contact Us & FAQ

Visit the Secure Computing FAQ for more information. If you have project-related questions, send an email to oitfeedback@colorado.edu with Secure Computing Project in the subject line.