Search Google Appliance

Information Technology

Foundational Information Security Controls Details


This page is intended to provide information to campus IT administrators or people interested in technical aspects of the foundational information security controls.

The foundational information security controls include:

  • Anti-virus software
  • Patching & central management of University-owned computers
  • Data encryption
  • Firewalls
  • Secure Disposal

For more information on the project, refer to the Information Security Controls page.


Anti-virus software helps prevent and detect malicious software (malware/viruses) on computers. Many viruses enable malicious attackers remote access to computers, capture keystrokes including passwords and other sensitive data, share information from web pages being viewed, or search computers for sensitive data. Detecting and preventing these infections helps reduce the risk of data breaches.

Additional Resources:
Use Anti-Virus Software 

Patching & Central Management of University-Owned Computers

Central management of university-owned desktops and laptops allows systems administrators to maintain inventories of university-owned computers, configure consistent security settings on university-owned computers, and install and patch software. UMASS IT provides KACE and JAMF software to campus departments to help facilitate patching and central management.


The KACE software facilitates central management and inventory of endpoint Windows and Mac computers. The KACE software will allow systems administrators to initially deploy a consistent operating system image and baseline configuration to Windows computers, and install and patch the software on both Windows and Mac computers. Maintaining a software and hardware inventory, deploying a consistent configuration and enforcing patching of the operating system and software applications help reduce the risk of compromise and data breach.

The KACE software consists of a central console that campus IT Administrators use to manage their computing assets, and a software agent that runs on Windows, Mac and Linux desktop and laptop computers.

JAMF (previously known as Casper)

The JAMF software facilitates central management and inventory of endpoint Apple/Macintosh computers. It provides a similar function as KACE, such as consistent initial configuration, and consistent configuration of security controls to help reduce the risk of compromise and data breach to Apple/Macintosh computers.

Data Encryption

Encryption software uses strong mathematical algorithms to encrypt (scramble) data, rendering it unreadable to anyone who does not have the key (passphrase) to decrypt (unscramble) the data. Encryption makes it difficult for unauthorized individuals to access encrypted files, folders or computers, and reduces the risk of data breaches in the event a computer is lost or stolen.

Additional Resources:
Data Encryption at UMass Amherst

Encrypt your University-Owned Laptop or Desktop with Sophos Full Disk Encryption

Restrict Access to Microsoft Office Documents with Rights Management Service (RMS)


Host-based and network-based firewall help block incoming network attacks. Firewall should be configured to allow only network traffic that is necessary for the operation of the service.

Please contact for more information on centrally-managed firewalls.

Secure Disposal

Securely disposing of computing devices and media helps prevent unauthorized disclosure of institutional information and research data. Refer to the UMASS Procurement and Waste Management guidelines on secure disposal of electronic equipment and the UMASS IT guidelines on secure media disposal.

Additional Security Controls

Additional controls may be required based on the categorization of the information or data, the nature of the information technology resource, the applicable regulatory or contractual requirements, or other risk management calculations.


Please contact for more information about implementing these security controls in your department.