In a push to harden its campus-wide cybersecurity posture, Virginia Polytechnic Institute and State University (Virginia Tech) has released a new university security standard for administrative privileges.
In a letter to the school community, the Division of Information Technology said that to improve the security of the school’s IT systems and services and increase compliance with university IT policies and standards, Virginia Tech has developed the University Computer Administrator Access Standard.
“This new standard, developed by the Division of IT in collaboration with the IT Council, will facilitate tracking of requests and approvals for administrative access rights and creates a new process for requesting these rights,” the letter says.
The Division of IT noted that the new standard will apply to all university-owned computers or servers, as well as any system that is being used to handle high- or moderate-risk university data. Before developing the new standard, Virginia Tech identified the need for better control of these access rights as a key security issue. Further, the letter says that compliance with the new standard will be included in the Office of Audit, Risk, and Compliance (OARC) FY22 Audit Plan for Virginia Tech.
The Division of IT said that implementing the new security standard and process will give the school visibility into who can modify school computers at a higher privilege level than a standard user, capture the reasons the access is needed, and verify that the responsibilities that adhere to these privileges are understood and that the user has the necessary training and experience.
With cyberattacks against institutions of higher education continuing to rise, the school said the new standard will also help it respond more nimbly in the event of cyberattacks, theft, or other compromises to these computers. “These are risks that can have severe implications for Virginia Tech, and the university is committed to addressing them in a conscientious manner,” the letter says.
The letter also notes that the Division of IT team has piloted the new standard within both the Division of IT and the College of Liberal Arts and Human Sciences. The Division of IT will now begin wider implementation across the university with the standard officially going into effect on Jan. 1, 2022.