The purpose of this document is to support compliance with the UB Minimum Security Standards for Desktops, Laptops, Mobile, and Other Endpoint Devices, section 2.7 Limit Administrative Account Privileges.
To: Individual requesting exception
From: IT Director or designee
Re: Exception to Endpoint Security Standard, 2.7 Limit Administrative Account Privileges
You have requested an exception to the Endpoint Security Standard, 2.7 Limit Administrative Account Privileges (“Restrict administrative privileges to device administrators only”). Based on your business case, this request is approved. Please note the policies and standards governing endpoint device security may change or be modified in the future.
In order to maintain administrative privileges, you must adhere to the following stipulations:
Any deviation from these stipulations will result in the revocation of your administrative access. Full administrative control of your device will revert to IT support staff.
By requesting this exception, you assume all risk and responsibility for potential security issues. Once I receive a confirmation email from you accepting these requirements, you will be granted administrative access.
Please note that these restrictions are not about trust or competence, they are about minimizing risk and exposure to the University. The University completed an Enterprise Risk Management (ERM) assessment and these standards resulted from that initiative. In addition, system compromises and security breaches are on the rise and these standards have been implemented in order to minimize the exposure of the University. Incidents such as the ECMC ransomware breach and other campus ransomware incidents have increased our focus on security. For more information, please review the UB Minimum Security Standards for Desktops, Laptops, Mobile, and Other Endpoint Devices.
Thank you for understanding, and if you have any questions, please let XXX* know.
* This may be the person sending the email, or a designated point of contact. Therefore, it will be different for each node