Since the summer 2022 approval of the University of Nebraska system’s policy for the “Responsible Use of University Computers and Information Systems” (Executive Memorandum 16), Information and Technology Services has implemented several security enhancements.

Changes faculty, staff and students should be aware of as this effort continues include:

• All employees are now required to use their email account for university business. This ensures that sensitive university data stays within university managed accounts.

• Security awareness training is required of all employees. Employees are notified via Bridge of required training; notifications will continue this summer and into the fall.

• All university-owned desktops, laptops and mobile devices are required to be enrolled in Endpoint Management services to receive appropriate risk-based security and routine software patches; devices are currently being enrolled and this process will continue this summer.

Why EM 16?

In an ever-changing world of cybersecurity threats, organizations, not just universities, but financial institutions, social media and other online services are implementing these strategies to mitigate risk and protect user data. These strategies are commonly defined through formal policies that govern the organization’s information systems, data and processes and guide the organization’s operations.

Implementation of EM16 helps address the following areas to improve and sustain our cybersecurity posture at the university through:

• Research compliance — Many research projects come with significant compliance requirements both federally and from other agencies. These requirements include cybersecurity tools and controls as well as a complete library of NIST compliant policies.

• Personal and academic data protection — Students, faculty, staff and governmental partners expect a robust cybersecurity program to effectively protect personal and academic data. In order to be eligible for federal funding, including financial aid programs, the university will be required to demonstrate compliance with NIST cybersecurity frameworks including a complete library of cyber policies. https://www.nist.gov/cybersecurity

• Business relevance — Business partners are requiring the deployment of a robust cybersecurity program as evidence that we are able to sustain operations during any cyber event. This optimizes business efficiency both in purchasing power and other business practices.

Additional security resources include:

• VPN
• Cortex XDR (Antivirus)
• Patch Management services
• Enterprise Endpoint Management
• Personal Device Security
• Vulnerability and Compliance Management