Skip to main content

Part of UT Health San Antonio

Information Security - UT Health Science Center San Antonio - UT Health San AntonioInformation Security - UT Health Science Center San Antonio - UT Health Science Center San Antonio

Part of UT Health San Antonio

Quicklinks

Services & Solutions

  • Request E-mail Account
  • Request Voicemail delivery to your email
  • Password Reset
  • VPN (Secure Remote Access)
  • Wireless Support
  • Guest WiFi
  • Telephone Support
  • Forms
  • Policies & Procedures

Information Management Services (IMS)

  • IMS Home
  • Other IMS Services
  • About IMS

 Close Quicklinks

Menu
  • Information Security
  • Policy and Procedure
  • Hardware Security
  • Software Security
  • E-mail and Passwords

You are here

  • Home
  • Security Configuration Management

Security Configuration Management

In compliance with HOP 5.8.8, U.T. System Policy 165, and Texas Administration Code 202 (TAC202), hardware and software platforms must be configured in a secure manner to ensure the confidentiality, integrity and availability of University resources.  The Office of Information Security has adopted the Center for Internet Security (CIS) Benchmarks as prescriptive guidance for implementing “hardened” security configurations in a format that aligns with U.T. System and TAC Control Standards and the National Institute of Standards and Technology Special Publication 800-53 (NIST SP 800-53).

https://www.cisecurity.org/cis-benchmarks/

 

Implementation

  1. Information Resource Custodians (Custodians) shall ensure that vendor supplied patches are routinely acquired, systematically tested prior to implementation where practical, and installed promptly based on risk management decisions.
  2. Information Resource Custodians shall enable configurations that minimally comply with associated Information Technology and Information Security HOP statements.  These include, but are not limited to, HOP 5.8.4 (Access Management) and 5.8.8 (Information Resource Security Configuration Management).
  3. Each type of platform or device may have its own particular baseline security configuration and maintenance protocols.  While the CIS hardened security benchmarks should be used for configuration guidance, Information Resource Custodians shall seek and implement recommended configurations (such as security checklists designated by the manufacturer for a specific use case) for securing the particular system platform(s) under their control.   

 

Monitoring

The Chief Information Security Officer shall regularly monitor system configuration compliance with minimally acceptable configuration policies and validate configuration gaps with CIS Benchmarks.  Reports of system compliance with these standards will be periodically distributed to Information Resource Owners and Custodians as guidance in assessing and mitigating risk of platform(s) under their control. 

 

Information Security may disable or de-activate a system or a service or application running on the system if its configuration is deemed a significant and immediate risk to the University network or other information resources.

Information Security Department

7703 Floyd Curl Drive
San Antonio, TX 78229

210-567-0707

  • Contact us
  • Maps & directions
  • Job openings
We make lives better ®

We're a part of the UT Health San Antonio, provider of comprehensive health,  dental, &  cancer care,  advanced academics  and  life-saving research.

Web Privacy | Links from websites affiliated with The University of Texas Health Science Center at San Antonio's website (uthscsa.edu) to other websites do not constitute or imply university endorsement of those sites, their content, or products and services associated with those sites. The content on this website is intended to be used for informational purposes only. Health information on this site is not meant to be used to diagnose or treat conditions. Consult a health care provider if you are in need of treatment.