The University of Texas at San Antonio

Office of Information Technology

Office of Information Security (OIS) Standards

 

OIS-40 – Stand for Configuration and Asset Management

 

I. STANDARD STATEMENT

The UTSA computing environment supports many technologies, computers, and electronic devices. While the Office of Information Technology (OIT) is charged with providing and protecting many of these assets, there are significant numbers of “decentralized” computers owned by UTSA but in the care of departmental staff and faculty.

 

II. RATIONALE

This standard supports HOP Policy 8-12 Information Resources Use and Security Policy.

 

III. SCOPE

This standard applies to all UTSA faculty, staff, and students.

 

IV. CONTACTS

If you have any questions about OIS-40 – Standard for Configuration and Asset Management  contact the following office:

The Office of Information Security

informationsecurity@utsa.edu

 

V. PROCEDURES  

1. The following requirements are designed for the protection of the network and the computers utilized throughout the organization.
    1. All UTSA-owned computers must be joined to the UTSARR domain unless written authorization exempting the computer(s) from joining the domain has been issued by the Information Security Office (ISO).
    2. The “Domain-Admins” group, and the Domain Administrator account,​ shall be active and shall not be removed or assigned a reduced level of permission to the device.
    3. Management rights to the equipment shall be delegated to local administrators through Organization Units. Local administrators shall be responsible for the ongoing maintenance of the Organization Units assigned to them.
    4. All UTSA-owned computers must have the university standard configuration utilities installed and reporting back to the central management servers.
    5. No device shall be installed on the network (firewalls, etc.) that will limit the ability of the Information Security Office to access the computers behind the device or limit the computer’s ability to report to the ISO’s configuration management servers.
    6. All UTSA owned computing devices must be entered into Insight.  Devices tagged by UTSA Inventory Control are automatically loaded into Insight.  Non-inventoried assets are not being recorded in the UTSA Inventory system because of cost limits (under $500) or other rules.  Department ID owners and their delegates must enter them into Insight at the Computer Categorization Summary page.  Computing devices are defined as desktops, laptops, tablets, and smart phones.

_________________________________________________________________________

Effective Date: August 5, 2013

Last Revised: November 4, 2014

Reviewed: August 3, 2017