TAC MINUTES: Tuesday, 1 September 2020

Approval of August Minutes (M. Davis, 1 min)

Approval postponed until new edits made.  UPDATE: Minutes approved via a virtual vote on 2 September 2020.

Old Business 

• Legacy Operating Systems list August 2020 The list shown here indicates university systems with operating systems that are at end of life or are near end of life. Please review this list and plan to upgrade or decommission soon. Exceptions are needed and should be filed at go.vcu.edu/securityexception if these systems still need to be operated.
• Windows 7/2008 R2 - EoL January 2020
• Apple macOS < 10.14 - Possible EoL October 2020
• RHEL/CentOS 6 - EoL November 2020
• Vulnerability remediation reminder  The quarterly vulnerability scan was last completed by end of July, the general expectation is for system and application owners to address (remediate, indicate false-positive, file exception) vulnerabilities by the next quarterly scan (end of October 2020). A new vulnerability project remediation dashboard is available in insightVM (our vulnerability scanner), it should be used for the tracking of remediation projects. The following link provides instructions for how to log on and review vulnerabilities identified in your system.
• Focus on Projects in vulnerability manager
• Quarterly remediation timeline expectations
• Information Security Baseline review and compliance tools  There are additional baseline adjustments made for Apple MacOS in order to align the baseline to the latest CIS benchmarks. Endpoint Computing group is working to create JAMF scripts to help automate the implementation of the baselines for managed Apple macOS computers. Additionally, Windows (server and client) baseline GPOs are now available as templates that can be copied, tested, modified and used in your areas to meet the baseline requirements.
• Apple macOS baseline (compliance JAMF script is in the works)
• Microsoft Windows baseline compliance GPOs available (TS_InfoSecurity_Template_WinClient*, TS_InfoSecurity_Template_WinServer*)
• MECM/MBAM migration  Continued efforts are being made to migrate existing DDPE managed Bitlocker computers to the Microsoft MBAM solution. Schedule and instructions for linking a pre-migration GPO are both provided below.
• Schedule
• Instructions

New Business

• Current Physical Location 

Representatives from Online@VCU/ALT Lab, Financial Aid, Records and Registration, Institutional Research and Decision Support, and Technology Services formed a working group tasked with recommendations how to comply with new federal regulations related to student location. A new federal regulation, 34 CFR 600.9(c)(2), which went into effect July 1, 2020, requires all institutions to make a determination regarding the state where students are located. A failure to comply could result in the loss of institutional eligibility for Title IV funding. 

Student location refers to where the student is physically located when enrolled in VCU courses and programs. Although VCU collects student addresses (permanent, local, mailing, etc.), those address fields do not necessarily provide their physical location. The Central Authentication Service (CAS) and the myVCU portal have been identified as possible platforms to capture the majority of VCU students’ location information. On the first day of each semester, every student will receive a prompt in CAS that briefly explains that federal regulations require they inform us of the state where they are physically located. Prior to implementation, the workgroup will coordinate with Strategic Enrollment Management to send communication to students explaining and preparing them for this new request. 

• VCU Mobile / Daily Health Check

The ability to complete daily health checks has been added to VCU Mobile.  This effort was undertaken to make compliance with this requirement easier.

• Modo Portal Preview 

Work continues on this project.  The new portal is designed to mimic the current portal.  Eventually we will incorporate many new features into the new portal, which will be easier and less expensive to maintain.  In the near future, the project team will be asking for comments.  

• Discussion of Research Computing needs  

HEETF allocations received - VCU had no cuts.  Allocations are the same as last year.  

Mike and Wies will work offline to develop a workgroup of IT Directors interested in discussing storage needs for research computing, at present there is interest from the Library, SOM, H&S, Pharmacy. 

• Cherwell Asset Management Project  

TS ITSMO is kicking off the Asset Management Project in Cherwell.  To collect needs, we have created a survey that is being distributed to all functional areas of the university.  Requirements Survey

The project is expected to take 6-12 months to complete post requirements gathering but this could be shorter or longer depending on the needs collected and a more detailed project timeline will be created once the requirements are gathered and the scope is defined.

TS Updates

• Canvas Update 

• Blackboard will be retired after the spring 2021 semester. 
• New Canvas training sessions and Canvas Virtual Open House Events for Faculty have been scheduled for September and October. 
• The 2-hour virtual open house events in September will be informal, open dialog sessions where VCU instructors can ask  questions and receive answers from the VCU Learning Systems Senior Manager.  Please register for the open house event with your VCU eID, at the Zoom link provided. You will receive a confirmation email with information about joining the event.

  September 9, 12pm - 2pm Registration:  https://vcu.zoom.us/meeting/register/tJUrdOCuqT0oG9EEevpgO-TIeUEnNmF_7GAA

  September 23, 12pm - 2pm Registration: https://vcu.zoom.us/meeting/register/tJIpdeugpjMjHNNtg9pfx26v4bscU20J87Rr

• The 1-hour training sessions in October will cover topics about importing Blackboard course content into Canvas, creating and managing assignments and quizzes, student enrollments, section cross-listing (merging), and installing 3rd party tools to enhance your course content. The training schedule is located on the Canvas website, along with the registration link. 

• Eric Harvey is leading a Canvas Q&A session at the September 17th ITCC Lunch & Learn. 

• TLS and website security configuration
  There are many areas of confusion around acceptable TLS versions and cipher suite settings. With the end=of-life for TLS 1.0 and 1.1, any websites still supporting these protocols (including the VCU websites) will be identified by external parties as vulnerable. Over the next 12 months, we will work on transitioning off of TLS 1.0 and 1.1, with expected support for TLS 1.2 and 1.3 only. This action can lead to consequences with legacy systems communicating with our current systems and must be taken with caution. The VCU Information Security Office will be working on a guidance document that can be used by application and server administrators to select the best encryption settings with their systems and applications.

• fixIT Operations

If you hear complaints that students or faculty are having trouble obtaining repair services for their laptops/computers, please let Sam Kennedy know. The RamTech Store is in the process of being into the Barnes & Noble store.  It is scheduled to open sometime this fall.

Other Business

• Kaltura issues 

John Skaritza voiced concerns about ongoing persistent issues with Kaltura.  He asked for help in developing real workarounds that may be offered to faculty experiencing problems.

NEXT MEETING:  Tuesday, 6 October