Responsible Office: Office of Cybersecurity
Last Review: 09/21/2023
Next Review: 09/21/2025
Contact: Chris Madeksho
Phone: 901.448.1579
Email: mmadeksh@uthsc.edu
Purpose
To ensure the confidentiality, integrity, and availability of the University’s IT Resources by regulating the controlled use of Internet of Things (IoT) devices and connecting them to the appropriate University network.
Scope
All IoT devices that reside on the UTHSC network (wired and wireless).
Definitions
IT Resources – Computing, networking, communications, applications, telecommunications systems, infrastructure, hardware, software, data, databases, personnel, procedures, physical facilities, cloud-based vendors, Software as a Service (SaaS) vendors, and any related materials and services.
Internet of Things – Physical objects (e.g., vehicles, appliances, lab or medical equipment, and other items embedded with electronics, software, sensors, actuators) that communicate, sense, or interact with their internal states or the external environment via network connectivity.
Standard
- University-owned IoT devices must adhere to NISTIR 8259A IoT Cybersecurity Capability Core Baseline.
- IoT devices must be installed and maintained using the Information Security Requirements Guidance.
- IoT devices must comply with all University information security standards, including but not limited to Network Security, Access Control, Data & System Classification, Vulnerability Management, and Password Management.
- IoT devices will be connected to the appropriate controlled network segment.
- IoT networks must be monitored to identify abnormal traffic and emergent threats.
References
- RM-002-Vulnerability Management
- SC-001-Network Security
- IoT Device Cybersecurity Capability Core Baseline (nist.gov)
- Information Security Requirements