This is a drafted timeline that is subject to change. Campus CIO's will work with their communities to develop a timeline for each campus.
December 31, 2022 (Complete)
- All new university-owned endpoints are enrolled in management where made available by NU ITS
January 3, 2023 (Complete)
- Auto (UNL) email account provisioning for existing employees
- Auto (UNL) email account provisioning for new employees
- Email forwarding no longer permitted
- Begin inventory of systems/services
- Security Awareness Training requirements for new employees implemented (All new employees have 30 days from hire/start date to complete)
March 1, 2023 (Complete)
- Essential Security services will be applied to all managed endpoints (Cortex XDR, Vulnerability and Patch Management).
- Continue enrolling university-owned endpoints in management where made available by NU-ITS. For additional detail, see Endpoints.
May 22, 2023 (Complete)
- All university-owned endpoints are enrolled in management where made available by NU ITS. High Risk endpoint security posture required to access High Risk Information Systems.
July 5, 2023 (In Progress)
- Remote VPN access to Medium Risk Information Systems will require Medium Risk endpoint security posture.
- Inbound access to general endpoint roles in Edge Network Levels 1, 2, & 3 will be limited to secure remote access protocols and ITS Remote Support service.
August 1, 2023
- University faculty and staff must use university email accounts for university business
- Unified Edge Network access to Medium Risk Information Systems will require Medium Risk endpoint security posture for university owned and BYOD endpoints.
- Security awareness training requirements for current employees
- Supported OS required to authenticate on the Unified Edge Network (Level 2 and above)
- Removal of shared accounts for accessing university Information Systems
- Low Risk endpoint security posture and individual user accounts will be required to authenticate university owned endpoints to Low-Risk Network (Level 2)
March 1, 2024
- Inventory duplicate systems and services
- All university-owned endpoints will operate with the Enterprise Endpoint Management and Minimum Security Controls. Will be enforced on University Networks.
July 1, 2025
- Duplicate systems and services are deprovisioned
- University information systems shall be used for university business and university data and records shall not be stored outside of university information systems