REG 08.00.10 – Anti-Virus Software Requirements

Authority: Issued by Vice Chancellor for Information Technology.

History: First Issued: July 13, 2004. Last Revised: February 14, 2017.

Related Policies: 
NCSU REG08.00.02 – Computer Use Regulation

Additional References:
NC State Antivirus Resources
Antivirus Exemption Request form 

Contact Info: Vice Chancellor for Information Technology (919-515-0141)

1. Introduction

Viruses, worms and other malicious software can destroy critical or confidential data, compromise security and generate a large volume of network traffic. A small number of infected computers can have a catastrophic effect on NC State’s networked systems and on the University’s ability to perform core business and instructional functions. Therefore, in order to protect the campus computing infrastructure, the University has implemented a requirement for the use of antivirus software.

NC State faculty, staff and students are required to have up-to-date antivirus software installed and operational on all personally-owned or University-owned computers connected to the campus network. The antivirus protection may be provided by the operating system vendor or be an approved alternative. Approved antivirus software recommendations and requirements are available from the NC State Antivirus Resources web site.

2. Requirement and Responsibilities

2.1 All computers, including those that are personally owned, that connect to the campus network via the NC State wireless network (Nomad and Eduroam) or connecting via NC State’s VPN service, must run up-to-date, approved operating system antivirus protection as defined on the NC State Antivirus Resources website. All students, including residence hall occupants, are subject to this regulation.

2.2 Installation, troubleshooting and maintenance of antivirus software are the responsibility of all persons having administrative privileges on computer(s) connecting to the campus network.

2.3 If a specific computer or group of computers requires an exemption to this requirement, an Antivirus Exemption Request form must be submitted for approval. However, administrators should be aware of the risk to their systems and data should a virus infection occur. It is recommended they acquire and install antivirus software to mitigate these risks. If needed, users should consult with other local computer administrators or the OIT Security & Compliance Group for guidance in making this decision.

2.3.1 Individuals and groups may receive an exemption from the University mandated antivirus software requirement if the need for an exemption is supported by both the unit IT Director and approved by the Security Technology Working Group of the Security & Compliance Governance Individuals or groups requesting an exemption must submit justification to the Chair of the Security Technology Working Group via the Antivirus Exemption Request form. The request must describe the necessity for an exemption and specify what alternate protections are in place. This exemption only applies to the computer(s) specified in the exemption request. Computer users receiving an exemption are still subject to all other aspects of the Computer Use Regulation.

2.4 This regulation does not preclude units from implementing a more stringent requirement.

3.   Non-compliance and Violations

Violations of this antivirus regulation will be handled in accordance with the Computer Use Regulation. Violations may result in the computer being blocked from the network if it is causing a security or performance impact on the campus network. Computers will not be unblocked until the machine is cleaned and brought into compliance. In addition, users may be disciplined in accordance with Section 5 of the Computer Use Regulation.