APPENDIX TO POLICY
Virus/Malware Protection Standard
To protect University information and IT resources from viruses or other malicious code, anti-virus/malware software must be used to assist in preventing and detecting infections. Infections must be eradicated or quarantined. Virus/malware is a threat to the University network and not limited to a single device.
Multi-user systems (e.g., file server, email server, print server)
The following table defines the baseline security controls for virus/malware protection software for multi-user systems.
|VMP.A.01||Use current supported versions and definitions for anti-virus and virus filtering software (suggested: definitions updated within 1-7 days of release)||Required||Required||Required|
|VMP.A.02||Manage audit logs||Required||Recommended||Optional|
Single-user systems (e.g., desktop, laptop)
The following table defines the baseline security controls for virus/malware protection software for single-user systems.
|VMP.B.01||Use current supported versions and definitions for anti-virus and virus filtering software (suggested: definitions updated within 1-7 days of release)||Required||Required||Required|
|VMP.B02||Manage audit logs||Recommended 1||Recommended||Optional|
1 This is required for systems in scope for credit card processing environment per PCI-DSS. This includes systems that support or store, process or transmit cardholder data.
This applies to IT resources owned or contracted by the University. This also applies to personally owned devices accessing, or authorized to store, University data designated as private-highly restricted or private-restricted .
This applies to University community members who use or manage University IT resources.
More information on Virus/Malware Protection
- November 2014