REG 08.00.10 - Anti-Virus Software Requirements
Authority: Issued by Provost and Executive Vice Chancellor; Vice Chancellor for Finance and Business
History: First Issued: July 13, 2004.
NCSU REG08.00.02 - Computer Use Regulation
Contact Info: Vice Provost for Information Technology (919-515-5493)
NC State faculty, staff and students have access to site-licensed commercial anti-virus software for use on all University-owned as well as personal computers. The software and associated information are available from the NC State Anti-Virus web site.
Viruses, worms, and other malicious software can destroy critical or confidential data, compromise security, and generate a large volume of network traffic. A small number of infected computers can have a catastrophic effect on NC State's networked systems and on the campus's ability to perform core business and instructional functions. Therefore, in order to protect the campus computing infrastructure, the University is implementing a requirement for the use of anti-virus software.
2. Requirement and Responsibilities
2.1. All computers (including personally owned) connecting to the campus network (including computers connecting via the NC State wireless network (Nomad), NC State VPN, or NC State modem pool) that are running one of the listed operating systems for which the University has site-licensed an anti-virus software package are required to install and enable the University site-licensed anti-virus software. If a user desires to run an alternate anti-virus product, it must be on the approved NC State antivirus list or the user must request approval with justification according instructions available on the NC State University Anti-Virus web site. All students, including residence hall occupants, are subject to this regulation. Students who are residence hall occupants should note that ResNet also has an anti-virus requirement that covers residence hall occupants.
2.2. Installation, troubleshooting, and maintenance of the anti-virus software are the responsibility of all persons having administrative privileges on computer(s) connecting to the campus network.
2.3. Computers running operating systems for which the University has not site-licensed an antivirus software package are exempt from this requirement. However, administrators should be aware of the risk to their systems and data should a virus infection occur. It is recommended they acquire and install anti-virus software as they deem appropriate to mitigate these risks. If needed, users should consult with other local computer administrators or the OIT Security & Compliance Group for guidance in making this decision.
2.4. Individuals and groups may receive an exemption from the University mandated anti-virus software requirement if the need for an exemption is supported by the unit IT Director and approved by the Security Subcommittee. Individuals or groups requesting an exemption must submit justification to the Chair of the University IT Security Subcommittee. The request must describe the necessity for an exemption and specify what alternate protections are in place. This exemption only applies to users who are required to install the anti-virus software. Computer Users receiving an exemption are still subject to all other aspects of the Computer Use Regulation.
This regulation does not preclude units from implementing a more stringent requirement.
3. Non-compliance and Violations
Violations of this anti-virus regulation will be handled in accordance with the Computer Use Regulation. This may result in the computer being blocked from the network if it is causing a security or performance impact on the campus network. Computers will not be unblocked until the machine is cleaned and brought into compliance. In addition, users may be disciplined as allowed in Section V of the Computer Use Regulation.