Information Technologies & Services

You are here

Devices: Computers Policy

1. Supported computers

Supported computers are devices used by an individual (e.g., laptop, desktop, etc.) that are inventoried (“tagged”) by ITS in order to connect to the Weill Cornell Medicine campus network.

1.01 Security for Supported Computers

Given the amount of data that can be stored on an individual’s computer, security and management of the computer is paramount. ITS has developed a set of common standards and practices that must be adhered to when connecting any computer to the WCM network.

1.02 Minimum Security Requirements

Supported computers on the WCM network must adhere to the following minimum security requirements:

  • Installation of the ITS computer management software
  • Installation of the ITS encryption software (in accordance with ITS policy 11.06 – Device Encryption)
  • Installation of the ITS anti-virus/anti-malware software
  • Use of a WCM CWID when logging-in to a Windows computer
  • Use of a strong, complex password when logging-in to a Mac OS computer (in accordance with ITS policy 11.15 – Password Policy and Guidelines)
  • Installation of critical security updates released by Microsoft or Apple
  • Use of applications which still receive security updates released by the vendor
  • Local administrator accounts will be renamed, disabled, or secured with a strong, complex password
  • Services typically found on a server should not be installed on an individual’s computer (e.g., web hosting services, routing or networking, etc.)

1.03 Administrative Access

Individuals with administrative access to their computers significantly increases the risk of infection from malware. Unless absolutely necessary, users should have ‘standard’ or non-privileged access to their computers.

2. Non-supported Computers

Non-supported computers are devices used by an individual (e.g., laptop, desktop, etc.) that are not inventoried (“un-tagged”) and not managed by ITS that may be used to connect to the Weill Cornell Medicine campus network or store Weill Cornell Medicine data.

2.01 Security for Non-supported Computers

Non-supported computers must meet similar security requirements as tagged and managed computers. Given the amount of data that can be stored on an individual’s computer and the risk an unmanaged device can pose to the Weill Cornell Medicine network, security of the computer is paramount. The following set of common standards and best practices must be adhered to for non-supported computers.

2.02 Minimum Security Requirements

Non-supported computers on the WCM network must adhere to the following minimum security requirements:

  • Use of a modern operating system that regularly receive security updates from the manufacturer (e.g., no Windows XP, Windows 7, Windows 8, macOS Sierra, OS X El Capitan, OS X Yosemite, etc.)
  • Installation of an anti-virus or anti-malware product that is current with definition or software updates
    • Windows 10 users may enable the built-in virus and threat protection in Windows Security
    • Many third-party products are available such as Norton, McAfee, or Sophos, among others. Your internet service provider may even provide these products at low or no additional cost.
  • Installation of a host-based firewall product that is enabled and blocking uncommon connections
  • User accounts must be unique to the individual affiliated with Weill Cornell Medicine and configured with a strong password or passphrase
    • Individuals in a household that share the same computer must not have access to WCM data, applications, or services
  • Critical security updates released by Microsoft or Apple must be installed

2.03 User Responsibilities

Individuals using a non-supported computer to access the Weill Cornell Medicine network are expected to comply with the above requirements and also complete the High Risk Attestation annually. Devices being used for long-term work purposes—including long-term storage of Weill Cornell Medicine data—should be tagged and encrypted by ITS in accordance with ITS policy 11.06 – Device Encryption.

2.04 Long-term Support for Non-supported Computers

ITS continually evaluates the risk of allowing non-supported computers to connect to the campus network and is balancing this need based on the availability of critical services and applications. In the future, non-supported computers may be limited in their ability to connect to the WCM network using remote access services such as VPN.

3. Non-standard Operating Systems

Computers connected to the WCM network that are not running an ITS standard operating system must adhere to the minimum security requirements identified above to the extent possible. Individuals with Linux-based devices, including Chromebooks, should limit access to web-based applications and services, only.

Policy Download: 
PDF icon Service Policy Computers

Need Help?

myHelpdesk
(212) 746-4878
Monday - Friday
Open: 6am - 8pm
SMARTDesk
WCM Library Commons
1300 York Ave
New York, NY
10065
M-F
9am - 5pm
Make an appointment

575 Lexington Ave
3rd Floor
New York, NY
10022
Temporarily Closed

IT Glossary

Type an acronym or term you would like a definition for.