Support Level | Support Level 0 | Support Level 1 | Support Level 2 | Support Level 3 | Support Level 4 - Restricted Access |
Description | Non-NYS Owned Computer | NYS Owned ITS provides "Basic" Support Services | NYS Owned ITS Provides "Advanced" Support Services | NYS Owned and ITS "Fully" Supported | NYS Owned and ITS "Fully" Supported |
Examples Include | Student computers, CoachUSA, non-Fredonia / non-state owned hardware, etc | Computers used with Scientific equipment. Single purpose computers, "appliance" type computers, Faculty start-up funded computers (depending on purpose), etc. | Multi-station / Multi-location use systems such as Carrier, Siemens, FSA, Physical Plant, Health Center Systems, Faculty start-up funded computers (depending on purpose), etc. | Prowatch, DVTEL, Wilmac, Banner, AD, ARGOS, Standard Windows desktops, Faculty Mac's, Smart Classroom, Computer Labs, etc. | HIPAA, PCI, or similar type restricted access computer or system required to exceed normally recognized IT security best practice. Falls within level 2 data risk classification |
Data Risk Classification Category | Category 1 - Public | Category 1 - Public | Category 2 - Private | Category 3 - Restricted | Category 3 - Restricted |
OS Patch Management | Vendor or Service Provider installs critical and security OS patches no less than monthly. Current AV solution installed and updated automatically, no less than daily | ITS enables OS 'auto-updates'. Anti-virus required (Win/MAC) and updated automatically at a frequency of no less than daily. (OS must have current security and critical patches available from OS vendor) | ITS enables OS 'auto-updates'. Anti-virus required (Win/MAC) and updated automatically at a frequency of no less than daily. (OS must have current security and critical patches available from OS vendor) | ITS installs OS updates. ITS installs and configures SEP updates. (OS must have current security and critical patches available from OS vendor) | |
Application Support and Management | Vendor or service provider | Local Fredonia non-ITS faculty / staff or under manufacturer software support agreement | Local Fredonia non-ITS faculty / staff or under manufacturer software support agreement | ITS provides all application support and management or service provided by manufacturer or vendor. Software under manufacturer's support agreement. Funding sources may vary | |
Hardware Support | Vendor or service provider | Physical Hardware should be kept under vendor or manufacturer's warranty. No ITS hardware support available. ITS reviews hardware spec and will (if requested) assist in acquiring hardware quotes from NYS OGS approved sources | Physical Hardware should be kept under vendor or manufacturer's warranty. No ITS hardware support available. ITS reviews hardware spec and will (if requested) assist in acquiring hardware quotes from NYS OGS approved sources | ITS fully responsible for all hardware, maintenance, and support | |
Local and/or Network Printers | Local Only | Local via USB or similar and/or printer has statically assigned NATTED IP with port 9100 allowed in but not allowed out | Local via USB or similar and/or printer has statically assigned NATTED IP with port 9100 allowed in but not allowed out | Local via USB or printer defined on non-internet directly accessible 141.238.x.y | |
May connect to Fredonia Wired Network | "Direct to Internet" access only via NAT. | "Direct to Internet" access only via NAT. No 141.238.x.y IP address available | "Direct to Internet" access available. Firewalled and ACL'd 141.238.x.y range available based on need and scope | Yes, full Fredonia 141.238.x.y IP provided via statically assigned IP address reserved in IPAM or MAC address reservation with IPAM assignment via DHCP | |
May connect to Fredonia Wireless Network | No | Yes, via FredSecure or similar 802.1X Solution | Yes, via FredSecure or similar 802.1X Solution | Yes, via FredSecure or similar 802.1X Solution | |
Port allowed Outbound (going outside Fredonia campus) | HTTPS, SSH | HTTPS, SSH | HTTPS, SSH | All required but host sits behind hardware firewall | |
May be connected to Fredonia's Active Directory ("AD.FREDONIA.EDU") | No | No | No | Yes | |
New York State Asset Tag Required | No | Yes | Yes | Yes | |
May initiate a connection to another Fredonia Computer | No | No | No | Yes, but network ACL's may be in effect | |
May be connected from a Fredonia computer initiating the connection | No | RDP, SSH, IP Printing (9100) only | RDP, SSH, SMB (file print sharing). Can not use same eServices account / password | Yes, but network ACL's may be in effect | |
Scanned by NESSUS | Yes, non-credentialed only | Yes, non-credentialed only | Yes, non-credentialed only | Yes, credentialed and uncredentialed | |
Hardware Replacement Costs | Vendor or service provider | Department responsible. No ongoing ITS replacement funding available | Department responsible. No ongoing ITS replacement funding available | Yes, funding sources may vary | |
Disaster Recovery / Business Continuity Disk Imaging Services | None, vendor or service provider responsible | ITS can provide imaging service for Win/Mac Only via optional SLA | ITS can provide imaging service for Win/Mac Only via optional SLA | Full DR/BC Services available with optional / additional SLA | |
Host (OS) Firewall required | Yes | Yes | Yes | Yes | |
May be used to store Fredonia information / data | No | Limited but not HIPAA / FERPA data. See "Normal Backups" below | Limited but not HIPAA / FERPA data without ISO review and approval. See "Normal Backups" below | Yes | |
Inventoried by LanSweeper | No | Yes via SSL off-site method currently used on laptops | Yes via SSL off-site method currently used on laptops | Yes, via full AD credentials | |
WhatsUpGold Alerts and SNMP alarms | No | No. Available with optional SLA | No. Available with optional SLA | Yes, full and enforced use of WUG | |
Whole Disk encryption required | No | Depends on type of information stored | Depends on type of information stored | Depends on type of information stored. All Fredonia owned laptops = yes | |
Regulated Data Security Controls (FERPA, HIPPA, etc.) | No | Depends on ownership. Configuration must be reviewed and approved by ISO if used to store Fredonia data | Depends on ownership. Configuration must be reviewed and approved by ISO if used to store Fredonia data | Full controls in place pending review and approval from ISO | |
Who has local admin privileges | Vendor only | Local Fredonia non-ITS faculty / staff. 1Password use available with optional SLA | Local Fredonia non-ITS faculty / staff. 1Password use available with optional SLA | ITS OS admin, ITS application admin, 1Password use required | |
If running web service, is SSL cert required and who procures cert | Yes, vendor or service provider procures | Yes, vendor or service provider procures | Yes, vendor or service provider procures | ITS, funding sources vary | |
Disable IPv6 | Yes | Yes | Yes | Yes | |
Who provides normal daily backups | None, vendor or service provider | Vendor or service provider. ITS may upon optional SLA | Vendor or service provider. ITS may upon optional SLA | ITS provides all OS, application, and image backups | |
Authentication | Local accounts only | Local accounts only | Local accounts only or self supported authentication system | AD bound, Federated allowed. Only local service accounts allowed | |
ACL VLAN changes | Reviewed by ISO, executed by Network System and Services | Reviewed by ISO, executed by Network System and Services | Reviewed by ISO, executed by Network System and Services | Reviewed by ISO, executed by Network System and Services | |
Examples | Student computers, CoachUSA, | Computers used with Scientific equipment. GasBoy, Health Center, etc. | Carrier, Siemens, FSA, etc. | Prowatch, DVTEL, Wilmac, Banner, AD, etc. | |
Computer Naming Convention | None | Should follow documented ITS Naming Convention | Should follow documented ITS Naming Convention | Must follow documented ITS Naming Convention | |
ITS DataCenter Available to Host System(s) | No | Yes, with additional SLA | Yes, with additional SLA | All ITS Servers must be stored in approved ITS controlled DataCenters |
Short URL to this page:
Related articles
Filter by label
There are no items with the selected labels at this time.