Security Baselines

Oakland University is committed to protecting the privacy of its students, alumni, faculty, and staff, as well as protecting the confidentiality, integrity, and availability of information important to the University's mission. This document provides guidance on security and identify minimum-security standards associated with systems and applications interacting with University data. These standards are provide as a reference and do not relieve Oakland University or its employees, partners, consultants, and vendors of further obligations that may be imposed by law, regulation or contract. In addition to this guidance all partners, consultants, and vendors are expected to abide by University Policies.

Usage

You are encouraged to begin adopting these standards, prioritizing your systems by risk level. Additional information on risk level is available in the OU Risk Classification KB.

As cybersecurity is a rapidly evolving field that continuously presents us with new challenges, we recommend frequently reviewing this page and associated references to obtain up to date information.

University Owned Endpoints

Minimum Security Standards table for university-owned endpoints. Shows actions to reduce low, moderate, and high risks with colored checkboxes.

Personally Owned Endpoints

Security standards chart for university business endpoints, categorized by risk: low (green check), moderate (yellow check), high (red X).

Printers and Multi-Function Devices

Multiple-Function Devices

University Servers

A table titled "Minimum Security Standards: University Servers" shows standards, actions, and risk levels. Categories on the left list actions like operating system use and patching, matched with risk levels: low (green), moderate (yellow), and high (red). Green check marks, yellow boxes, and red X's indicate risk ratings for each standard, showing compliance requirements for university server security.

University Applications

A table titled "Minimum Security Standards: University Applications" details security actions based on risk levels: low, moderate, and high. Each row contains an action like patching and malware protection, with checked boxes indicating applicability for each risk level. The table uses green for low risk, yellow for moderate risk, and red for high risk, providing a clear visual guide to security requirements.

Print Article