MUSC Information Security Standards: Workstation Security

Author: Richard Gadsden
Version: 0.3
Date: 23 May 2005
Status: DRAFT


1. Purpose and Scope

These standards apply to all workstations and all other end-user computing devices used to access MUSC's network. The purpose of these standards is to document the minimum security requirements for these workstations and other end-user devices.

2. Applicable MUSC Policies

3. Standards

3.1. Workstation Owners

3.1.1. Access to Network

Before any workstation or other device may be connected to MUSC's campus network, an Owner must be designated for the device.

The designated Owner of the workstation must ensure that the workstation is configured and maintained in accordance with all applicable platform-specific and application-specific security standards established by MUSC.

3.1.2. Access to Protected Information

In addition, if the workstation can be used to access protected information, then the Owner must also ensure that:

  • the authorized use(s) of the workstation are evident to all prospective users of the workstation
  • all workstation user accounts are granted the minimum privileges necessary for the users to perform authorized operations on the workstation
  • authorized users of the workstation follow appropriate procedures for initiating, terminating, and suspending their sessions
  • physical access to the workstation, and visual access to the workstation's display, are restricted to the workstation's authorized users

3.1.3. Storage of Protected Information

In addition, if protected information is stored on the workstation, then the Owner must meet all information security policies and standards established by MUSC for systems that house protected information.

3.2 Workstation Users

The users of any workstation or other device connected to MUSC's network are required to:

  • understand and meet all of the security responsibilities assigned to them by MUSC's information security policies, including the MUSC Computer Use Policy
  • understand and meet any specific security responsibilities assigned to them by the Owner of the workstation
  • refrain from using the workstation for any unauthorized purpose
  • refrain from installing any software, or storing any information on the workstation, unless authorized by the Owner of the workstation
  • report any potential security anomaly or breach affecting the workstation, or any significant vulnerability that is observed to affect the workstation, through the appropriate reporting channel(s)