Device IT Security Requirements

To use your personal device for University business, it must meet all requirements and standards of both the University and the UCLA Health Sciences. Devices must meet five major requirements to be acceptable for University business usage (not comprehensive).

Note: Please read all UCLA Health Sciences policies to ensure your device meets all the requirements.


Software patch updates

What does this mean?
Simply put, you must make sure software that receives security patches from the manufacturer (such as your operating system) is up-to-date.

Why is this necessary?
If your computer seems to be working fine, you may wonder why you should apply a patch. By not applying a patch, you might be leaving your computer vulnerable to malware to come in. Malware exploits flaws in a system in order to do its work. The time frame between an exploit and when manufacturers are releasing patches is continually getting shorter, so it is important to stay on top of your patching.

Defects in clients like web browsers, email programs, image viewers, instant messaging software, and media players may allow malicious websites, email messages, IM messages, images, and sound files to infect or compromise your computer with no action on your part other than viewing or listening to the website, message, or media.

How do I fix this?
To check for software updates:

Common software to check for patches

1. UCLA Policy 401: Minimum Security Standards for Network Devices


Anti-Malware Software

What does this mean?
You must have anti-malware software installed on your computer and running.

Why is this necessary?
Anti-malware software protects against infections caused by many types of malware, including viruses, worms, Trojan horses, rootkits, spyware, keyloggers, ransomware and adware. Defects in clients like web browsers, email programs, image viewers, instant messaging software, and media players may allow malicious websites, email messages, IM messages, images, and sound files to infect or compromise your computer with no action on your part other than viewing or listening to the website, message, or media.

How do I fix this?
You may download Sophos anti-virus software for free online or use your own anti-virus/anti-malware software if comparable: https://www.bol.ucla.edu/software/sophos

Don’t forget to patch your anti-virus software!

1. UCLA Policy 401: Minimum Security Standards for Network Devices


Host-based Firewall Software

What does this mean?
You must enable your computer’s firewall.

Why is this necessary?
A firewall acts as a filter between your computer and the Internet. Firewalls block unauthorized network access to your device. Firewalls help improve the security of your computer by blocking unsolicited, malicious connection attempts.

How do I fix this?
To enable the native firewall on your computer:

1. UCLA Policy 401: Minimum Security Standards for Network Devices


Password-protected Screen Saver

What does this mean?
Your computer must be password-protected both from start-up and from screen saver/sleep mode after 15 minutes of inactivity.

Why is this necessary?
A strong password is your first line of defense against physical attempts to break into your computer. It is important to use a password for both start-up and after 15 minutes of inactivity in the event your computer is lost or stolen. If your computer is not password-protected after 15 minutes of inactivity, anyone can view and steal the contents of your computer if it is lost while still powered on.

How do I fix this?
Passwords must meet the following minimum standards:

  • Contain eight characters or more
  • Contain characters from at least two of the following three character classes:
    • Letters (e.g.: a-z, A-Z)
    • Numbers (i.e. 0-9)
    • Special characters including a space ( !@#$%^&*()_+|~-=\`{}[]:”;’<>?,./)

Enable password from start up:

Enable Screen Saver Lock:

1. UCLA Policy 401: Minimum Security Standards for Network Devices
2. UCLA Health Policy HS 9457: Information Technology Security


Encryption

What does this mean?
If you use your computer for University business, it must be encrypted.

Why is this necessary?
Mobile devices, because of their very mobility, are at high risk of being lost or stolen. There have been several instances of laptop thefts with significant amounts of patient personal or restricted health information on them. Encryption reduces your risk of exposure of sensitive and confidential information to unauthorized individuals, so that only those who should access your information can. This will also protect your own personal information in the event of loss or theft and is generally good electronic media hygiene.

How do I fix this?
Please encrypt your device on your own or contact your CSC for assistance. If you encrypt your device on your own, you must register your device here .

3. UCLA Health Policy HS 9453-C: Use of Mobile Devices and Removable Media