
Sample – Corporate End User OS System Minimal Security Requirements

March 4, 2013

Malware Protection

Systems connected to all corporate networks or storing confidential data will be protected from malware in accordance with the IT Malware and End Point Protection standard.

File Integrity Management

Systems connected to the corporate network and/or storing confidential data will be protected for file or data integrity in accordance with the IT Integrity Management standard.

User Controls

Use of corporate systems and access to confidential data is restricted to only those users who have been granted access in accordance with the IT Access Granting, Change and Termination standard. User controls are further defined in the corporate End User Acceptable Use Policy. At a minimum, corporate restricts the use of its systems and data to company business functions and requires all users to protect the confidentiality, integrity, and availability of critical systems and confidential data.

End Point Protection

For all corporate-owned workstations and laptop computers granted access to the corporate network, end point protection software is required to be installed. At a minimum, end point protection on those remotely accessing devices will include:

  • Verification that current antivirus software is installed and enabled with current signatures;
  • Verification that current system patch levels are installed;
  • Verification that a personal firewall is installed and a remote Intrusion Prevention System (IPS) is enabled.
    • Note: For McAfee or Symantec services, proactive threat protection and network threat protection are required to be enabled.
  • Verification of compliance with the IT configuration standard;
  • Verification that logging is enabled.

For all third parties that remotely access or connect to the corporate network or systems, the third party is responsible for establishing a program to enforce end point protection in compliance with this standard and will submit the program to the Manager, Security Architecture & Security Compliance teams for approval.