User login


Registration And Protection Of Endpoints Policy

Published: October 2013

Revised: November 2014,

October 2017

I. Introduction

This Policy describes the requirements for security controls
to protect Endpoints that process, transmit and/or store Data
(as each is defined in the Columbia University Information Security
Charter (the “Charter” Such requirements differ depending on whether such Data is Sensitive Data, Confidential Data, Internal Data or Public Data (as each is defined in the Charter).


No distinction is made in this Policy between an Endpoint owned by the University or personally owned. All Information Security Policies (as defined in the Charter) will apply to a personally owned Endpoint used for University business.


Any Endpoint that processes, transmits and/or stores Data must be registered in accordance with Section III(A) and have the minimum protection requirements set forth in Section III(B) or (C) and, if applicable, Sections III(D), (E), (F) and/or (G), in each case for the most restricted class of Data that is processed, transmitted or stored on such Endpoint.


Capitalized terms used in this Policy without definition are defined in the Charter. 


II. Policy History: 

The effective date of this Policy is November 1, 2013.  This Policy and the other Information Security Policies replace (A) the following University Policies:

  • CUIT Security Policy
  • Desktop and Laptop Security Policy, dated November 1, 2007
  • Desktop /Laptop/Mobile Devices Security Requirements When Storing Sensitive Data
  • Electronic Information Resources Security Policy, dated March 1, 2007
  • Encryption Policy, dated December 1, 2007
  • Peer to Peer (P2P) File Sharing Policy, dated October 2008
  • University Mobile Phone Registration and Password Policy, dated March 1, 2013 and (B) the following CUMC Policies:
  • General Information Security Policy, dated November 15, 2007
  • Information Security: Media, Backup and Controls, dated November 2012
  • Workstation Use and Security Policy, dated November 2012 


III. Policy Text


To see the full text of this policy, please use the link on the right.