Information Resources & Communications

Minimum Standards for Connecting Apple Macintosh Desktop and Laptop Computers to the UCOP Network

January 26, 2005

The following requirements bring Apple Macintosh computers into conformance with UCOP IT security requirements. If you are uncertain how to implement these requirements, please contact your departmental PC coordinator. These requirements may change; updates will be documented on the Web site, IT Policies at UCOP.

Devices that fit the following criteria are subject to the minimum standards for connecting desktop and laptop computers to the UCOP network.

--a single user device, such as a laptop or desktop computer, that does not perform file serving functions

--a device that operates with software that can be configured or modified from elsewhere on the network

--a device that does not contain any "restricted" data

--a device that does not provide an "essential" service

  1. All Macintosh computers must be running MacOS version 10.3 or later. All security-related software updates that are released by Apple or third-party application software vendors must be applied within the time guidelines set by IR&C. It is highly recommended that Apple automatic software update be turned on and set for daily checking.
  2. Norton Antivirus for Mac (produced by Symantec) software must be installed and active and the virus definitions must be kept up-to-date. Antivirus software must be configured for automatic virus definition update.
  3. The Apple built-in firewall (see Sharing under System Preferences) shall be turned on and configured to allow only the minimum required services. File Sharing, if required, must be restricted to the UCOP local network. Client FTP, if needed, must use "passive FTP mode," configured under Network Preferences.
  4. All computers must be configured to require a login upon booting or restart, and before exiting from "sleep" or screen saver modes.
  5. All local account passwords must meet or exceed the requirements of UCOP's password policy.
  6. All computers must be registered with the Technology Service Desk including their location, the MAC address of the NIC(s), and the name(s) of the primary user(s). The computer name must follow the standard convention of first initial plus full last name of the primary user (or a similar format that facilitates the identification of the computer's primary user). If the naming of the computer must deviate from the convention as dictated by the specific business use of the machine, it must be registered with the appropriate IT personnel along with the contact information of the primary user.
  7. Any server-type applications and services running on the computer must be inspected by the appropriate IT personnel for appropriate configuration with respect to security compliance prior to the computer's deployment. Any server-type applications not required by the intended use of the computer shall be disabled or removed.
  8. All software should be installed with the approval of departmental IT personnel. IT personnel reserve the right to remove all unapproved software on UCOP-owned computers.
  9. E-mail, telnet, and/or FTP software shall be configured to use only encrypted transmission for authentication.
  10. IR&C may define a list of software that is not allowed on computers attached to the UCOP network. Any such software must be removed from the computer before it is allowed to connect to the UCOP local network.

Please submit your questions, comments, and suggestions at feedback.html