Highline College

Connect with Highline College

Winter quarter starts Jan. 6. Class enrollment is now open to all current and new students. View the class schedule and enroll today.

1.9 Workstation Security Standard

Home/IT Security/IT Security Policy/1.9 Workstation Security Standard
1.9 Workstation Security Standard 2024-03-25T12:17:03+00:00

1.9 Workstation Security Standard

 

1.9.1. Overview

See Purpose.

 

1.9.2. Purpose

The purpose of this standard is to provide guidance for workstation security for Highline College workstations in order to ensure the security of information on the workstation and information the workstation may have access to.

 

1.9.3. Scope

This standard applies to all Highline College employees, contractors, workforce members, vendors and agents with a Highline College-owned or personal-workstation connected to the Highline College network, not including the wireless network.

 

1.9.4. Standard

Appropriate measures must be taken when using workstations to ensure the confidentiality, integrity and availability of sensitive information, including Personally Identifiable Information (PII) and that access to sensitive information is restricted to authorized users.  

1.9.4.1 Anyone using Highline owned workstations shall consider the sensitivity of the information, including PII that may be accessed and minimize the possibility of unauthorized access.

1.9.4.2 Highline College will implement physical and technical safeguards for all workstations.

1.9.4.3 Appropriate measures include:

  • Restricting physical access to workstations to only authorized personnel.
  • Securing workstations (screen lock or logout) prior to leaving area to prevent unauthorized access.
  • Enabling a password-protected screen saver with a short timeout period to ensure that workstations that were left unsecured will be protected.  The password must comply with Highline College Password Standard.
  • Complying with all applicable password policies and procedures. See Highline College Password Standard.
  • Ensuring workstations (excluding lab workstations) are used for authorized business purposes only.
  • Never installing unauthorized software on workstations.
  • Storing all sensitive information, including PII on network servers  
  • Keeping food and drink away from workstations in order to avoid accidental spills.
  • Securing laptops that contain sensitive information by using cable locks or locking laptops up in drawers or cabinets.
  • Complying with the Mobile Device Encryption Standard.
  • Complying with the Baseline Workstation Configuration Guideline.
  • Installing privacy screen filters or using other physical barriers to alleviate exposing data.
  • Ensuring workstations are left on but logged off in order to facilitate after-hours updates.
  • Exit running applications and close open documents
  • Ensuring that all workstations use a surge protector (not just a power strip) or a UPS (battery backup).
  • If wireless network access is used, ensure access is secure by following the Wireless Network Standard.

 

1.9.5. Compliance

1.9.5.1 Compliance Measurement

ITS will verify compliance to this standard through various methods, including but not limited to, periodic walk-thrus, video monitoring, business tool reports, internal and external audits, and feedback to the standard owner.

1.9.5.2 Exceptions

Any exception to the standard must be approved by ITS in advance.

1.9.5.3 Non-Compliance

An employee found to have violated this standard may be subject to disciplinary action, up to and including termination of employment.

 

1.9.6. Related Standards, Policies, and Processes

1.5 Password Standard

4.3 Mobile Device Encryption Standard

2.4 Wireless Network Standard

 

1.9.7. Revision History

Date By Summary