Dakota State University students walking around campus

Rise with us

DSU is a place where innovation meets opportunity. We are a nationally recognized leader in technology-driven education, constantly pushing the boundaries of what’s possible. With hands-on learning experiences, expert faculty, and cutting-edge facilities, we prepare you for modern careers. Choose from a wide range of affordable, forward-thinking programs that allow you to shape your own path. Your future begins today.

Majors & Degrees

Search

Popular searches

smiling woman

Rise with us

DSU is a place where innovation meets opportunity. We are a nationally recognized leader in technology-driven education, constantly pushing the boundaries of what’s possible. With hands-on learning experiences, expert faculty, and cutting-edge facilities, we prepare you for modern careers. Choose from a wide range of affordable, forward-thinking programs that allow you to shape your own path. Your future begins today.

Visit DSU

Home University-Owned Devices

University-Owned Devices

Policy 14.8
Approved by: President
Responsible Officer: CHIEF INFORMATION OFFICER
Responsible Office: INFORMATION TECHNOLOGY SERVICES
Originally Issued: 06/30/2025
Last Revision: NEW
Category: TECHNOLOGY
Related Policy
SD BOR 7.1 Acceptable Use of Information Technology Systems
SD BOR 7.4 Security of Information Systems

  1. Reason for Policy

    The use of desktops, laptops, and other mobile computing devices is integral to a modern working environment. The purpose of this policy is to establish standards to safeguard University-owned computing devices, ensuring the security and integrity of institutional data. It also establishes standards for proper use of such devices, detailing responsibilities of users and ITS to prevent unauthorized access and data breaches. This policy helps maintain compliance with legal and regulatory requirements, supports technological prudence, and upholds the University's reputation by promoting responsible behavior among faculty, and staff in the use of computing devices.

    This policy governs all staff, faculty, contractors, and student employees using University-owned devices, including laptops, desktops irrespective of location or time. It covers device usage during and outside office hours.

  2. Definitions

    1. CIO (Chief Information Officer). Campus Chief Information Officer is the department head for the DSU (Dakota State University) technology department.
    2. Device. University owned or operated desktops, laptops, tablets, and any other devices capable of storing corporate data and connecting to a network.
    3. Device Management. A security technology that manages, monitors, and secures employees' devices across various platforms to protect organizational data and control device functionality.
    4. Device Management Exemption. Formal approval granted by CIO that allows a university-owned device to operate outside the standard university management framework. This exemption may be issued when technical, operational, or research-specific requirements prevent the device from complying with established management policies or tools.
    5. ITS. Information Technology Services. The official technology department for Dakota State University and subsumed departments.
    6. Users. Employees, students, Emeriti, and third-Party vendor or affiliates, volunteers, agents, and authorized users accessing University information technology systems and applications.

  3. Statement of Policy

    1. Responsibilities
      1. Device Users. Users of University-owned devices shall be responsible for the following:
        1. Conduct University-related business on a University-owned device.
        2. Ensure that access to the device is secured physically and logically. Physical access shall be secured by ensuring that all reasonable precautions are taken to protect devices from unauthorized physical access, loss, tampering and theft. Devices shall not be left unattended in public areas.
        3. Ensure that user-installed software is updated and patched in a timely manner.
        4. Ensure that University-approved data storage solutions are used for storing and accessing sensitive University data. These approved solutions include encrypted local drives, University-provided Microsoft SharePoint, Teams Channels, and OneDrive for Business. Additionally, if removable media (such as USB flash drives or external hard drives) must be used, they should be encrypted using University-approved encryption methods to ensure compliance with institutional data security policies and to mitigate risks associated with data loss or unauthorized access.
        5. Report any suspected compromise of any University-related data and devices to ITS as soon as possible.
        6. Report lost or stolen devices to ITS as soon as possible.
        7. Ensure that all software installed on the devices is suitably licensed for use. Installation or use of any software in violation of its license, or of pirated software, is prohibited.
        8. Recognize that there is limited expectation of privacy in any information or activity conducted, sent, performed, or viewed on or with any university-owned devices.
      2. ITS. ITS shall be responsible for the following:
        1. Employ a device management solution, whose software utility can be installed on university-owned devices to provide remote status information, ensure baseline system configuration, and monitor or manage university provided software updates.
        2. Ensure that the device management solution can inventory, monitor (e.g. application installations), issue alerts (e.g. disabled passwords, categorize system software (operating systems, rooted devices), and issue various reports (e.g. installed applications, carriers).
        3. Ensure that the device management solution includes the ability to distribute applications, data, and global configuration settings against groups and categories of devices.
        4. Ensure that specific configuration settings shall be defined for personal firewall and malware protection software to ensure that this software is not alterable by users.
        5. Ensure that device management software deployed is primarily used to implement security controls and manage business risks related to devices.
        6. Enroll all applicable University-owned devices into the approved and centrally managed device management solution.
        7. Manage the Device Management Exemption request process, including the approval or denial of such requests.
    2. Device Usage and Security Compliance
      1. Users shall not modify hardware or software in ways that significantly alter the device's functionality (e.g., replacing or overriding the operating system, jailbreaking, or rooting) without explicit approval from ITS.
      2. ITS reserves the right to restrict or revoke access for devices that do not meet security or configuration baselines.
        1. ITS will determine the baseline on which devices are authorized to connect to the network and may enforce necessary restrictions.
        2. Users shall agree to and accept that their activity may be monitored to record dates, times, duration of access, location, IP address, etc. by ITS to identify unusual usage patterns or other suspicious activity.
    3. Enforcement: Failure to comply with this policy may result in disciplinary action, up to and including suspension, or termination of employment, in accordance with applicable (e.g., staff, faculty, student) handbooks. For non-employees such as contractors/third-parties, failure to comply may result in the suspension or revocation of the User’s relationship with the university.

    Exclusions

    The virtual learning environment used for academic purposes.

    Exceptions

    Work may be performed on devices equipped with University-managed applications. Reference Bring Your Own Device (BYOD) Policy for exceptions.

  4. Procedures (Major)

    1. ITS Procedures
      1. Maintain a centralized inventory of all University-issued devices.
      2. Ensure all new devices are enrolled in the device management system during procurement and before distribution.
      3. Configure and regularly review device management policies and security settings.
      4. Set up user profiles and assign devices to the appropriate groups within the system.
      5. Conduct regular compliance audits, including automated alerts for unenrolled devices or policy violations.
      6. Provide comprehensive documentation, including a knowledge base covering the device management system, common issues, and troubleshooting steps.
      7. Decommission and remove inactive devices from the device management system.
      8. Conduct regular reviews and updates of security standards and strategies used with  computing devices.
    2. User Procedures
      1. Collaborate with ITS staff to identify and resolve any device management issues affecting work functionality.
    3. Exemption Requests. Exempting a user from device management solutions should be carefully considered to balance security requirements and user needs.  Each exemption request will be carefully evaluated to maintain a balance between security and user flexibility.  To provide justification for exemption, users can complete the Device Management Exemption Form.

  5. Related Documents, Forms, and Tools

    Device Management Exemption Form

    NIST Special Pub 800-124 Rev 2

    NIST Special Pub 800-46 

    NIST SP 800-53 (Rev. 5)

  6. Policy History

    Adopted: 06/30/2025

Policies

Policy Request Form