This site requires JavaScript to be enabled

Endpoint Security Standard 

I. Purpose

The Responsible Use of Data and Information Technology Resources policy states that users of Notre Dame computer networks and services are responsible for the security of their devices. This standard provides guidance for secure endpoint computing with Notre Dame networks and services. 

II. Scope

This standard applies to all endpoints connecting to Notre Dame networks and/or IT managed services including but not limited to: workstations, laptops, mobile phones, tablets, smart devices, and personal computing devices used to carry out university business.

The OIT Security Office provides interpretation of this standard. Authorization for exceptions to this standard may be issued by the Chief Information Security Officer or their designee.

This standard is intended to reflect the minimum level of care necessary to protect Notre Dame. It does not relieve any user of further obligations that may be imposed by law, regulation, or contract.

*All users of Notre Dame networks and services are responsible for securing their personally owned devices used to perform university business.

III. Reason

Information technology has become vital in supporting all of Notre Dame’s operations. The diverse and ever expanding complex technology environment at Notre Dame comes with a diverse and ever expanding threat surface.  As this threat surface grows so does the risk of cyber attack.

IV. Procedure

Apply the appropriate safeguards from the information security standards below as applicable to the IT resource based on its security category. The security category defines the minimum requirements for that level.

Request an exception if applicable and relevant safeguards cannot practicably be applied to a particular IT resource. Request process coming soon.

IV. Minimum Security Controls for University Owned Endpoint

IV. Resources

1. Notre Dame Information Security Policy:

2. Notre Dame Responsible Use of Data and IT Resources Policy: