DCP IT offers a variety of support levels for workstations depending on the needs of the user and their units, as well as the risks and responsibilities that units are willing to accept. For more specifics on the what entails workspace support provided by DCP IT – which goes beyond support of the machines on customer’s desks – please see the overall section on Workspace Support.
Fully DCP IT – managed Workstations
This is the standard service level. DCP IT is responsible for installing and maintaining all required software, agents, encryption, etc. for the user, as well as any UF or UFIT requirements that might be added over time. In addition, DCP IT will ensure the following.
- A standard DCP computer image following UFIT naming conventions will be delivered to the customer.
- Computers and standard software will be updated in a timely basis as updates and patches are released by vendors.
- DCP IT will work with the Information Security Office to “white list” applications on the computer that cannot be updated or patched due to the unit’s business process needs.
- CPM will be installed as the antivirus software.
- The UFEM and UF TPM agents will be installed and actively reporting to their respective central server
Users in this support level do not have administrative access to their machine, and thus have priority over similar help requests from customers who have administrative access.
Jointly Managed Workstations
DCP IT supported employees who need administrative access to their computers, but who do not need a unique setup fall into this category. DCP IT will deliver the machine meeting all UF and UFIT requirements and will be responsible for managing required agents and updates to standard software. If new standards are created, DCP IT will coordinate with the employee to make sure these are met in a timely manner. In addition:
- The employee managing the machine and their supervisor agree to and sign off on the “Local Admin Rights – End User” form. The initial operating system must be a DCP IT image following standard UFIT naming conventions, with minimal changes to the standard image by the employee over time.
- CPM is the required antivirus software.
- For machines on UFAD, the UF SCCM agent must remain installed and reporting to the central UF SCCM server.
- The UFEM agent must remain installed and reporting to the UFEM server.
For standard applications:
- DCP IT will manage updates and patches for standard software and operating systems.
- DCP IT will work with the Information Security Office to “white list” specific applications that cannot be updated or patched due to the unit’s business process needs.
For non-standard applications:
- It is the responsibility of the employee to patch and update non-standard applications – and in particular any applications installed by the employee – in a timely manner.
- The employee or employee’s unit is responsible for working with the appropriate UF or UFIT unit to “white list” or otherwise obtain exceptions for UF or UFIT policies. The documentation of any approved exceptions must also be retained by the employee and/or unit.
- Should the machine become unresponsive or unavailable for updates and patches managed by DCP IT, it is the employee’s responsibility to work with DCP IT to bring the machine back into compliance. If the machine cannot be made available to managed updates, it will be reimaged or converted to “Self-Managed” status, where the self-managed standards will then apply.
In certain cases, the needs of the unit or the particular employee cannot be supported directly by DCP IT (ex: Linux operating systems, Mac systems that DCP IT has not set up). In these cases, it is the responsibility of the employee to insure that all current and future UF and UFIT standards are to be installed and maintained:
- The UFEM agent must be installed and reporting to the UFEM server.
- Antivirus software must be installed, activated and continuously updated (CPM preferred).
- The machine must follow UFIT standard naming conventions for workstations. To avoid duplicates, DCP IT will provide the name to be used.
Additional requirements for laptops, tablets or other mobile devices
- The device must be encrypted, with the key stored in UFEM.
- The device must have a UF Property decal, and be listed UF’s Asset Management inventory as “Attractive /Sensitive Property”. See: http://www.fa.ufl.edu/directives-and-procedures/asset-management/#safeguarding
- The employee managing the machine and their supervisor agree to and sign off on the “Local Admin Rights – End User” form.
- The employee assumes all responsibility and must keep the operating system and software patched and updated in a timely manner.
- If the machine needs exceptions to any UF, UFIT, UF Information Security Office or other applicable policies or standards, it is the employee’s responsibility to obtain and document the approval for these exceptions.
Due to the unique setup of self-managed machines, minimal help support is available for these machines. In all cases, similar help requests from users with standard setups will always be given priority over requests concerning self-managed machines.