All devices, regardless of location or ownership, must satisfy the following minimum network connectivity requirements, as appropriate, before connecting to the UNW network.

The purpose of these requirements is to establish minimum security standards to minimize risk to the security of personal and institutional systems and data which will ultimately help safeguard the operation and integrity of the UNW Network.

This policy applies to all users of computing resources, whether personally owned or owned and managed by UNW. Individuals covered by the policy include (but are not limited to) UNW faculty and visiting faculty, staff, students, alumni, guests or agents of the administration, contractors, and external individuals and organizations accessing UNW's network services.

Computing resources include all devices that connect to the UNW network via a wired or wireless connection, regardless of the location or ownership of the computer or device.  

1. Security updates
   1. Devices connected to the UNW network must only run supported software and operating systems for which security patches are made available in a timely fashion. All currently available security patches must be applied on a schedule appropriate to the severity of the risk they mitigate. They must also have all currently available versions and updates installed. 
2. Anti-virus software
   1. Anti-virus software shall be used and kept up-to-date on devices where the use of such software is determined practical by the Chief Information Officer. All UNW-managed devices must have Microsoft Defender installed.
3. Software firewall
   1. Firewall software shall be used and kept up-to-date on devices that have firewall software capabilities.
4. Operating Systems
   1. Devices must be running vendor supported operating systems and firmware. Operating system patches must be installed with 30 days after release date.
5. Access control
   1. Devices shall require sign-on or login for users. Users shall be authenticated by means of passwords or by other authentication processes (e.g. biometrics or multi factor authentication). In general, only encrypted authentication mechanisms or protocols shall be used. When passwords are used, password construction and management shall comply with the UNW password policy.

The CIO is responsible for enforcing this policy and is authorized to regularly update this document and set specific standards for devices that connect to UNW’s network.

1. Compliance Measurement
   1. Devices that do not meet the requirements outlined in this policy will not be permitted to use UNW’s network until that device meets the minimum requirements.
   2. IT will verify policy compliance through various methods including, but not limited to, business tool reports, internal and external audits, and feedback to the policy owner. If a user on the UNW network is found to be in violation of this policy, IT staff reserve the right to disable network access or disable account access.
2. Exceptions
   1. Exceptions to the policy can be requested by contacting the IT Service Desk. Any exception to the policy must be approved in writing by UNW's CIO.
   2. Exceptions will be considered where the usability of critical applications is compromised, such as research equipment.

• Acceptable Use Policy
• Password Policy