This document provides the ISO-approved baseline configuration standards for University owned devices. System specific instructions can be found at the links above.
UTS 165 mandates the "Information Resource and Security Policy" for the entire UT System. Section 27 provides the specifics for servers and network devices:
- "To protect against malicious attack, all Servers on U.T. System networks will be security hardened based on risk analysis and must be administered according to policies and standards procedures prescribed by the Entity, as applicable, and must incorporate procedures for the following:
- managing the testing and installation of security patches; and
- setting baseline security “hardened” configuration standards for all network device types (examples:routers, laptops, desktops, and personal digital assistants)."
These security standards and guidelines apply to all UT Arlington owned servers (physical or virtual), routers, switches, laptops, desktops and portable devices.
The ISO has chosen to utilize the secure configuration benchmarks provided by the Center for Internet Security as the basis for the configuration standards provided in this document. CIS has provided specific secure configuration benchmarks for a wide variety of technologies since 2000, and is widely used by government, education and business entities worldwide. More information about the Center for Internet Security can be found on its website: http://www.cisecurity.org