Search

Secure Computing Project and Action Plans

Purpose of Secure Computing

In 2022, the CU Boulder campus adopted baseline security standards for university-owned computers and servers, which are being implemented through the Secure Computing project. The Secure Computing project is asking for all university-owned computers and servers to meet the university’s Secure Computing Standard, and for all university employees to complete the mandatory IT security training. To ensure the integrity of the shared information technology environment on our campus, these standards address the following challenges:

  • Increase the security of university computing assets, including data.
  • Reduce risk to university intellectual property. ​
  • Drive enterprise effectiveness and reduce risk of software audits.
  • Provide support to a broad set of employees.
  • Maintain employee flexibility in their technology to conduct their teaching, research, and creative work.

The Secure Computing project will be completed in phases by October 2025. In Phase 1, OIT and the College of Engineering & Applied Science are asking that units, as defined by our Administrative Council representatives, start the Secure Computing Action Plan process by inventorying your computers and your servers (if applicable) to build and share the status of your unit's compliance. In future phases, the inventory you create will inform your unit head on device replacement planning, budgetary impact, and assessing your unit's overall alignment to the Secure Computing initiative.

Read details and review the timeline for completing each phase of the Secure Computing project.

  • Phase 1: Organizational Unit Inventory and Discovery
  • Phase 2: OIT observation & Summarization
  • Phase 3: Unit Secure Computing Plan Development
  • Phase 4: Ongoing Monitoring

As you begin conducting the inventory of your computers and servers, please note that some employees with multiple appointments across different departments may have devices issued from other departments or units.  Throughout this process OIT is available to provide support at secure-computing@colorado.edu.

Secure Computing within the College 

As part of the Secure Computing initiative, CEAS has launched Phase 1 to inventory all units' computers and servers. This will help us understand future device replacement needs and enhance security. Each unit has assigned delegates to support the inventory process and develop compliance action plans. The success of this initiative relies on the support of CEAS faculty, staff, and students. Delegates will contact them through various methods (meetings, forms, or email) to complete the inventory. Existing inventory processes will be supported to ensure compatibility with current needs.

How can you support the Secure Computing project? 

Provide all the necessary assets (computers and servers) information to your unit’s delegates. As part of the Phase 1 process, the unit delegates will be asking faculty, staff and students to provide the following information for the computer and server inventory and identification process:

Computer (inventory of laptops and desktops): 

  • Computer Names
  • Computer Assignment (person assigned to the computer)         
  • Computer Serial Number           
  • OS Platform (operating system) 
  • ITP Support Group (is the computer support by DDS or self-managed?)   
  • Can it run Windows 11/macOS Sonoma and is the device enrolled in the Secure Computing required software?          

Server (inventory and identification of all servers used):

  • Department     
  • Hostname (server hostname example: EECE-Pho01 or EE-sop-clt-000.colorado.edu)    
  • Responsible for server management (technical contact)           
  • Responsible server owner         
  • Server operating system (Example: Red Hat Linux 9, Windows Server 2022) 
  • Description of services and applications
  • Level of Data Confidentiality (highly confidential, confidential, public)
  • Description of information on this machine (please list data elements). Consider data security regulations these systems may be subject to (FERPA, CUI, GLBA, etc.)
  • Location (building code and room #)     
  • Physical or virtual machine?     
  • Externally facing?         
  • Using centrally provided directory for authentication?            
  • Which EDR tool is installed? Install EDR (endpoint detection and response software) either Crowdstrike for Linux, or Defender for Windows.
  • Does the server meet Secure Computing Standards?            
  • If the server does not meet Secure Computing Standards, what barriers exist?

Please know that there may be a need for a computer or server to be re-imaged to add the needed Secure Computing software. OIT can support the re-imaging of computers, so if you need support, please contact OIT at secure-computing@colorado.edu

If you have questions regarding the installation of EDR software, or questions regarding privacy & software transparency, more information is available on the Endpoint Detection Response (EDR) Software and the Secure Computing - Privacy & Software Transparency webpages.