In the summer of 2022, the University of Nebraska system approved an update to Executive Memorandum 16 — the Policy for Responsible Use of University Computers and Information Systems.

This policy update reaffirms the university’s commitment to appropriately protect the valuable technology investments in academic, research and business operations across Nebraska. In an ever-changing world of cybersecurity threats, organizations, not just universities, but financial institutions, social media, and other online services are implementing modern strategies to mitigate risk and protect user data.

Over the last 15 months, Information Technology Services has implemented several cybersecurity enhancements to meet the expectations of EM 16 and protect the university’s information systems and data, and guide technology processes and operations. The university is also investing in required annual Security Awareness Training to equip our community to be proactive digital citizens.

As these efforts continue, here are some additional changes to be aware of this fall:

• All employees will be notified to complete the required annual Security Awareness Training via email from Bridge. Faculty training notifications will arrive this fall.

• All university-owned workstations, servers and mobile devices must run a supported Operating System and be enrolled in Endpoint Management services to receive appropriate risk-based cybersecurity protection. Access to university networks now requires an authorized university identity, and devices will need to complete a risk-based security posture assessment.

• All employees are now required to use their email account for university business. This will ensure that sensitive university data stays within university-managed systems.

• October marks the 20th annual National Cybersecurity Awareness Month, a time to work together and raise awareness about the importance of cybersecurity. Throughout October, ITS will share best practices and offer mini training courses with the opportunity to receive cybersecurity champion certification.

Learn more about EM 16, including FAQ’s and a drafted implementation timeline.

Why EM 16?

Implementation of EM 16 helps address the following areas, which improve and sustain the cybersecurity posture at the University through:

• Research compliance. Many research projects come with significant compliance requirements both federally and from other agencies. These requirements include cybersecurity tools, controls and a complete library of NIST compliant policies.

• Personal and academic data protection. Students, faculty, staff, and governmental partners expect a robust cybersecurity program to effectively protect personal and academic data. To be eligible for federal funding, including financial aid programs, the university will be required to demonstrate compliance with NIST cybersecurity frameworks, including a complete library of cyber policies.

• Business relevance. Business partners are requiring the deployment of a robust cybersecurity program as evidence of sustaining operations during any cyber event. This optimizes business efficiency, both in purchasing power and other business practices.

Additional online resources:

• Security Awareness Training

• Enterprise Endpoint Management

• Vulnerability and Compliance Management

• Patch Management services

• Personal Device Security

If you have any questions, please contact your IT Support Team for assistance.