Minimum Security Guidelines for NIU Owned devices

Permitted Operating Systems 

Last reviewed date 3.15.2023

All permitted operating systems, mobile devices and network connected IoT must be kept updated to the current vendor supported patch/update level and follow the NIU Vulnerability Management and Patch Management Policy.

• Windows 10/11 Enterprise versions that have not reached their end of service date.
• Windows 2022 server and windows servers that have not reached their end of service/support date. That includes Windows server 2019, 2016, and 2012. 
• macOS 13 (Ventura) and back two previous versions macOS 12 (Monterey) and macOS 11 (Big Sur)
• All other operating systems, or firmware levels for mobile devices and IoT, that the original vendor still supports and releases security updates for, are permitted. NOTE: not all mobile devices or IoT are compatible with all connectivity or security controls.
• All operating systems, or firmware levels for mobile devices and IoT, that have reached end of support and do not receive regular security updates from the vendor must be decommissioned unless an exception has been requested and approved by the CISO and CIO.

Anti-Virus / Anti-Malware Software

• NIU security baseline requires the Microsoft Defender Suite and CrowdStrike on all devices supported by these products.
• NIU security baseline requires web traffic security to be enabled on the endpoints through Windows SmartScreen and/or CrowdStrike.

Local Firewalls

• NIU security baseline requires local device firewall to be enabled and configured to block unauthorized connections.

Disk Encryption

• NIU security baseline requires local device storage encryption on all devices.
• Windows Policies have been created for Microsoft BitLocker implementation on NIU-owned devices.
• Apple: the built-in FileVault must be used to encrypt Mac laptops.
• Support from DoIT and administration of recovery keys is available for both BitLocker and FileVault. You must work with DoIT to implement this else you are responsible for managing your recovery keys.

Network Security

• Hard-lined devices and those on authenticated NIU Wireless adhere to strict security standards on both the network and client side. No NIU-owned devices should be connecting to NIU Guest wireless when it is possible to connect to NIU Wireless.

NIU Data Storage

• Every NIU employee has access to secure cloud storage with Microsoft OneDrive. Individual departments may also have access to network drives that are secured and maintained by DoIT.
• NIU data must not be stored on a personal device.

Administrator Privileges

• Users are not local admins on their machines by default. Users who require administrator access must have their supervisor's and DoIT's approval and get a separate administrative account according to these account and password guidelines.

Software Installation

• Do not install software from unvetted sources.
• Use the same best practices for software installation as you would on an NIU-owned device.
• Inform your local IT support whenever you need additional software installed.

Passwords

Passwords are critical to the security of your accounts, your devices, and the data you have access to. You must follow the account and password guidelines. Below are some best practices regarding passwords.

• Never re-use you NIU password for personal Internet sites or services
• Never share your passwords
• Create long passwords or pass phrases of at least 16 characters. 
• Use multifactor authentication whenever possible
• Use a password manager to securely store and access passwords.  Though the University does not recommend any one solution, here are some examples of free password managers:
  • KeePass: https://keepass.info/
  • Keeper: https://keepersecurity.com/