
DEVICE MANAGEMENT

The Texas A&M Security Controls Catalog contains many requirements regarding the use of end user devices to access university data and to conduct university business. These controls are necessary in order to remain compliant with State of Texas, TAMU System, and university regulations. For this reason, all devices owned or operated by Texas A&M—regardless of cost or value—must be managed.

A device is managed when all of the following requirements have been met:

  1. The operating system standard user (i.e., non-privileged) account is synced with a NetID credential (AC-2, AC-6, IA-5).

  2. Texas A&M Technology Services can remotely and routinely apply security policies to the device (RA-2).

  3. Texas A&M Technology Services can remotely and routinely apply operating system and software updates to the device (CM-1, RA-5).

  4. Required security agents are installed and enabled (SI-3, RA-2).

  5. The device is encrypted according to the classification of data that is stored on or accessed from the device (SC-13, RA-2, MP-7).

Standard Management Platforms

Typically, the requirements listed above are applied and enforced using a device management platform like SCCM or Intune for Windows devices, and Jamf or Kandji for Macs. Device management platforms allow systems administrators to remotely monitor and repair devices, and apply security controls and policies in a consistent manner.

Historically, different groups within Texas A&M have used a variety of platforms to manage devices. As we centralize our operations, reducing the number of different platforms reduces support costs, increases our efficiency, and allows for knowledge and workload sharing between teams. Settling on a single platform per major operating system allows us to deliver those platforms with enterprise-class reliability.

Technology Services has selected Jamf as the management platform for Mac devices and Intune as the management platform for Windows end user devices. Migration to these platforms may take some time; in the meantime, it is critical that any local management tools implement the five requirements listed above to ensure that devices are adequately managed.