Guideline 220.127.116.11 Anti-malware Installation and Management
Chapter 5 - Administration
Part 1. Purpose:
Subpart A.This guideline establishes responsibilities for the installation and management of software to prevent infection by malicious software (malware) within Minnesota State Colleges and Universities (System). Malware, including viruses, trojans, worms, spyware, key-loggers, etc., represents a substantial risk to information technology resources and the System. Anti-malware provides a layer of protection beyond regularly updating and patching applications and operating systems.
Subpart B. Academic Freedom. Nothing in this guideline shall be interpreted to expand, diminish or alter the academic freedom provided under board policy, a system collective bargaining agreement, or the terms of any charter establishing a System library as a community or public library.
Part 2. Applicability. This guideline applies to all System information technology resources. Institutions may adopt additional requirements, consistent with this guideline and board policy 5.23, for information technology resources under their control.
Part 3. Guidelines.
Subpart A. Vulnerability Scans. Anti-malware Installation. Information technology resources such as servers, desktop and notebook computers connecting to institution networks must have anti-malware installed.
Subpart B. Hand-held Devices. If anti-malware is available for hand-held devices capable of accessing information technology resources, those devices must have anti-malware installed.
Subpart C. Continuous Protection. Anti-malware must be configured to provide continuous protection.
Subpart D. Updates. Anti-malware should be configured to automatically update and should use the most current definition files.
Subpart E. Exceptions. If anti-malware protection is not feasible, alternate risk mitigation techniques must be implemented. The risk mitigation technique selected should be in proportion to the risk. Alternate risk mitigation techniques are considered exceptions.
Part 4. Definitions:
Subpart A. Continuous Protection. Describes anti-malware software that is constantly active and monitoring information technology resources to identify, prevent, and remove malicious software.
Subpart B. Information Technology Resources. Facilities, technologies, and information resources used for system member information processing, transfer, storage, and communications. Included in this definition are computer labs, classroom technologies, computing and electronic communications devices and services, such as modems, e-mail, networks, telephones (including cellular), voice mail, fax transmissions, video, multimedia, and instructional materials. This definition is not all inclusive, but rather, reflects examples of system equipment, supplies and services.
Subpart C. Malicious Software (Malware). Software designed to harm or damage an information technology resource without consent of the resource user.
Subpart D. Must. A statement that is required for a compliant implementation.
Subpart E. Should. A statement that is recommended, but not required.
Subpart F. System. Denotes the Minnesota State Colleges and Universities Board of Trustees, the system office, the state colleges and universities, and any part or combination thereof.
Part 5. Authority. Board policies 1A.1 and 5.23 delegate authority to the vice chancellor to develop system guidelines, consistent with Board policy and System procedure, for the purposes of implementing Board policy 5.23.
- Policy 5.23 Security and Privacy of Information Resources
- Guideline 18.104.22.168 Password Usage and Handling
- Guideline 22.214.171.124 Encryption for Mobile Computing and Storage Devices
- Guideline 126.96.36.199 Data Sanitization
- Guideline 188.8.131.52 Information Security Incident Response
- Guideline 184.108.40.206 Security Patch Management
- Guideline 220.127.116.11 Vulnerability Scanning
- Guideline 18.104.22.168 Payment Card Industry - Technical Requirements
- Guideline 22.214.171.124 Data Backup
- Guideline 126.96.36.199 Breach Notification
- Board Policy 5.22 Acceptable Use of Computers and Information Technology Resources.
- System Procedure 5.22.1 Acceptable Use of Computers and Information Technology Resources.
To view the following related statute, go to the Revisor's website (http://www.revisor.leg.state.mn.us/). You can conduct a search from this site by typing in the statute number.
- Minnesota Statutes §13, Minnesota Government Data Practices Act.
Date of Implementation: 05/17/10,
Date of Adoption: 05/17/10,
Date and Subject of Revisions:
1/25/12 - The Chancellor amends all current system procedures effective February 15, 2012, to change the term "Office of the Chancellor" to "system office" or similar term reflecting the grammatical context of the sentence.
Click here for additional 188.8.131.52 HISTORY.