Server Standards

Only install and use actively patched and supported vendor Operating Systems. Any Operating System identified as End-of-Life must be upgraded. Major vendor operating systems include:

• Microsoft Windows
• Apple macOS
• Linux (Red Hat, Ubuntu) with the latest distribution or distribution marked “Long-Term Support (LTS).”

Patch vendor-supported Operating Systems regularly. Plan for retirement, replacement, or rehosting of servers and other systems before reaching end-of-life status with the corresponding vendor.

Patch application software regularly. Plan for retirement, replacement, rehosting, or refactoring of applications and application software before reaching end-of-life status with the corresponding vendor.

If prioritization for patching efforts is needed, focus first on applications with a public IP address and any application with critical severity, easily accessible, or actively exploited vulnerabilities. Some data for applications with vulnerabilities can either be found in each unit's Falcon dashboard or the enterprise Github environment. Application owners should also subscribe to the applicable vendor-supplied vulnerability notification service.

CrowdStrike Falcon is the required endpoint protection platform for BYUH and CES. Do not disable or uninstall Falcon unless specifically directed by the CES Security Operations Center. If Falcon conflicts with other anti-virus software, remove the other anti-virus products.

Note: The Falcon client does not need to be installed on tablets and mobile devices.

Centralized Log Management

Log records are to be in a single location which is secure for storage. 120 day retention is the target.

Backup and Restore

Create a copy of confidential and sensitive data and save in case data is lost, compromised, or corrupted. Backup is used to restore data to a previous point in time.