APPENDIX TO POLICY

Virus/Malware Protection Standard

Objective

To protect University information and IT resources from viruses or other malicious code, anti-virus/malware software must be used to assist in preventing and detecting infections. Infections must be eradicated or quarantined. Virus/malware is a threat to the University network and not limited to a single device.

Security Controls

Multi-user systems (e.g., file server, email server, print server)

The following table defines the baseline security controls for virus/malware protection software for multi-user systems.

Control Security Level
ID Description High Medium Low
VMP.A.01 Use current supported versions and definitions for anti-virus and virus filtering software (suggested: definitions updated within 1-7 days of release) Required Required Required
VMP.A.02 Manage audit logs Required Recommended Optional

Single-user systems (e.g., desktop, laptop)

The following table defines the baseline security controls for virus/malware protection software for single-user systems.

Control Security Level
ID Description High Medium Low
VMP.B.01 Use current supported versions and definitions for anti-virus and virus filtering software (suggested: definitions updated within 1-7 days of release) Required Required Required
VMP.B02 Manage audit logs Recommended 1 Recommended Optional

1 This is required for systems in scope for credit card processing environment per PCI-DSS. This includes systems that support or store, process or transmit cardholder data.

Resources Covered

This applies to IT resources owned or contracted by the University. This also applies to personally owned devices accessing, or authorized to store, University data designated as private-highly restricted or private-restricted .

Individuals Covered

This applies to University community members who use or manage University IT resources.

Related Information

More information on Virus/Malware Protection

Published Date

  • November 2014

Document Feedback