As defined in the CIS Critical Security Controls, includes all end-user devices, IT Network devices, non-computing/Internet of Things(IoT) devices, and servers that exist in virtual, cloud-based, or physical environments, including those that can be connected to remotely. For University policy, Information Technology Assets are defined as those that are owned and managed by the University and that have the potential to store, process, or transmit Data. Included in this definition is the Software Asset which is the programs and other operating System information used within an Information Technology Asset.