IT Professionals,
The University Information Security Office (UISO) would like to announce some recent changes to the vulnerability scanning process. The goal of these changes is to shorten the discovery threshold and help align the process with the more frequent patch and remediation cycles on hosts.
- University-wide scans are now performed on a weekly basis, instead of monthly.
- Since we are scanning weekly, scheduled departmental scans will be disabled. Contact the UISO at scanner-admin@iu.edu if you need to continue with your departmental scan. Ad-hoc scans to recheck vulnerability fixes won’t be affected by this.
- Agent-based scanning is encouraged where applicable. Agent-based scans are more comprehensive, frequent, and require no action to recheck fixed issues. Agent licenses are limited now, but will be expanded to meet demand.
- The UISO is making a renewed effort to ensure every host within the IU Data Centers has active vulnerability reports being received and remedied. You are encouraged to contact the UISO about Qualys if you aren’t enrolled in or if you think you have missing resources in Qualys.
- Non-data center assets should be limited to servers, and workstations which administer those servers. This includes laptops and desktops which are primarily off campus, using the Qualys Agent.
If you have any questions, all queries should be directed to scanner-admin@iu.edu. You can also ask to join the UISO Vulnerability Management Microsoft Team for collaboration, quick notifications, and emerging threats.
–IT Community Partnerships on behalf of University Information Security Office