Endpoint Protection

Policy 14.15

Approved by: President
Responsible Officer: Chief Information Officer
Responsible Office: Information Technology Services
Originally Issued: 02/09/2026
Last Revision: New
Category: Technology

Related Policies

I. Reason for Policy

The purpose of this Endpoint Protection Policy is to define the standards for deploying, configuring, and managing endpoint protection solutions across Dakota State University (DSU). This policy safeguards university systems, networks, and institutional data against malware, ransomware, phishing, data theft, and other cybersecurity threats targeting endpoints.
This policy ensures compliance with applicable regulatory frameworks (including NIST SP 800-83, NIST SP 800-53, and GLBA requirements) and supports DSU’s broader cybersecurity program.

II. Scope

This policy applies to all university-owned or managed computing devices (desktops, laptops, servers, mobile devices) that connect to DSU networks or handle non-public institutional data.

III. Definitions

  1. CIO (Chief Information Officer). Campus Chief Information Officer/Vice President of Technology is the department head for the DSU (Dakota State University) technology department.
  2. Endpoint. Any device that connects to the DSU network or accesses university data, including desktops, laptops, servers, tablets, smartphones, or IoT devices.
  3. Endpoint Protection Platform (EPP). A comprehensive security solution that integrates antivirus, anti-malware, device control, firewall management, behavioral analysis, and automated response capabilities.
  4. Endpoint Detection and Response (EDR). A component of endpoint protection focused on detecting, investigating, and responding to suspicious activities or security threats.
  5. Information Resources. Information resources cover all assets utilized to store, process, and transmit information within an organization. This includes hardware such as servers and computers, software applications, databases, and the networks that connect them.
  6. Institutional Data. Data for which institutional resources or institutionally owned, leased, licensed, or provided technology systems are used to create, manage, transmit, process, or store it, including administrative, instructional, operational, and research data. When institutional systems, devices, funding, or networks are used to create or process research data, the resulting data is considered institutional data regardless of where the researcher is physically located or which device is used at the moment of creation.
  7. ITS. Information Technology Services. The official technology department for Dakota State University and subsumed departments.

IV. Statement of Policy

  1. Endpoint Protection Standard: ITS shall implement and maintain a centrally managed endpoint protection solution providing:
    1. Real-time and scheduled malware and ransomware protection.
    2. Behavioral and heuristic threat detection.
    3. Automated updates for threat definitions and software components.
    4. Integration with the university’s monitoring and incident response tools.
    5. Centralized management, reporting, and alerting capabilities.
    6. Support for all approved operating systems and device platforms used at DSU.
  2. Deployment and Configuration: ITS is responsible for:
    1. For agent-based deployments: Installing and configuring endpoint protection software on all university-owned and managed devices.
    2. For all deployments: Ensuring the use of posture analysis and the application of network restrictions that match the access needed by the workload in question.
    3. Enforcing real-time protection, scheduled scanning, and tamper protection.
    4. Maintaining an inventory of all protected endpoints.
  3. Updates and Maintenance:
    1. Endpoint protection agents must be kept active, updated, and properly configured.
    2. ITS shall ensure daily signature and software updates are automatically deployed or manually applied when necessary.
    3. Systems found to be unprotected or out of compliance will be remediated or isolated until compliance is restored.
  4. Monitoring and Incident Response: ITS shall continuously monitor endpoint alerts and compliance reports through the centralized management console. When a threat is detected:
    1. The affected system will be isolated from the network.
    2. ITS will conduct full scans, document findings, and remediate or restore the system using verified backups.
    3. Related systems will be assessed for potential compromise.
    4. All incidents will be managed under the University’s Incident Response Plan.
  5. User Responsibilities
    1. Users must not disable, uninstall, or alter endpoint protection configurations.
    2.  
    3. Users must immediately report any endpoint alerts, suspicious activity, or system anomalies to ITS.
    4. Users must avoid downloading unverified software or opening suspicious attachments.
    5. Participation in security awareness training is required annually.
  6. Policy Review and Enforcement
    1. This policy shall be reviewed annually by the CIO or upon significant technological or regulatory changes.
    2. ITS may conduct endpoint audits and compliance scans.
    3. Violations may result in disciplinary action, including suspension of network access or other measures consistent with university policy.

Exclusions

This policy does not apply to the following:

  • Student-owned devices
  • Approved institutional devices used specifically for research and academic instruction workloads that are in an isolated environment.

Exceptions

Exceptions must be approved by the CIO. Requests to exclude a device from scanning or protection due to software compatibility must include written justification, which is reviewed annually for continued validity.

V. Procedures (Major)

  1. ITS Procedures
    1. Deployment & Configuration: Verify endpoint protection installation and operation on all devices.
    2. Updates & Maintenance: Ensure daily update checks and patch compliance.
    3. Monitoring & Reporting: Review weekly reports for anomalies and compliance status.
    4. Incident Response: Follow university incident response protocols upon detection.
    5. Documentation: Maintain records of configurations, incidents, and resolutions.
  2. End User Procedures
    1. Compliance: Ensure endpoint protection remains active and updated.
    2. Reporting: Report alerts or issues immediately to ITS.
    3. Device Access: Non-compliant devices may lose network access until verified secure.

VI. Related Documents, Forms, and Tools

NIST SP 800-83 Rev 1 - Guide to Malware Incident Prevention and Handling

NIST SP 800-61 Rev 2

University Incident Response Plan

VII. Policy History

Adopted: 02/09/2026