Research Security Requirements–Secure Laptops and Desktops


Overview

research security requirements banner

 

data classification navigation button secure mobile devices button

 

Secure Laptops and Desktops

HITS has a number of 'managed images' for laptops and desktops to provide seamless connection to U-M systems and ensure information security requirements are met. Managed images are customized versions of an operating system (e.g. Windows and MacOS) that include standard software and security features, plus tools and shortcuts to help users quickly access things like network storage. In particular, HITS images help you meet the following Minimum Information Security Requirements when you use packaged software and keep everything up to date:

  • Access, Authentication, and Authorization Management
  • Encryption
  • Network Security
  • Security Log Collection, Analysis, and Retention
  • Vulnerability Management

Note: If you install software yourself (e.g. because there isn't a package for it), you are responsible for keeping it updated.

CoreImage

CoreImage is the name of the HITS managed image for Windows. It comes in three modes: Standard, Flex, and Kiosk. Standard and Flex are the most relevant modes for research and will be covered in more detail below.

The CoreImage can only be installed on certain models of computers because of the way it is engineered. You can find the approved models in the IT Service Catalog at help.medicine.umich.edu. Look in the Computers and Mobile Devices category.

Learn more about the CoreImage and its features.


Standard Mode

Standard Mode is designed for everyday tasks like checking email, browsing the web, and word processing. It has automatic updates and a scheduled start up/shut down cycle so that users don't have to do it themselves manually.



 

Flex Mode
 

Flex Mode is designed for instrument computers and long-running computations. Except for rare critical updates, the Flex Mode will not automatically reboot or shut down so that acquisitions and computations are not interrupted. Flex Mode devices still need to apply updates regularly though, so users must update manually on a regular basis. If updates are not applied in a timely manner, the Flex Mode device will be disconnected the network. To get back on the network, the Flex Mode device will need to be reimaged to be sure that it was not compromised.

 

Learn more about Flex Mode.

 

CoreMac/Izzy

CoreMac is the name of the managed MacOS image. It is the HITS specific version of the campus MiWorkspace MacOS, also known as Izzy. Many folks use the terms "CoreMac" and "Izzy" interchangeably now.

CoreMac can be installed on any MacOS device that is purchased through U-M. This includes the Tech Shop and Marketsite. If a device is purchased through the regular Apple Store, it will not be able to install CoreMac. This is due to the way Apple has implemented their Device Enrollment Program.

 

overview