This is a drafted timeline that is subject to change. Campus CIO's will work with their communities to develop a timeline for each campus.
July 1, 2022
Security Awareness Training requirements for new employees implemented (All new employees have 30 months/days from hire/start date to complete).
Auto (UNL) email account provisioning for new employees.
December 31, 2022
Email forwarding no longer permitted (existing forward continue to function until removed)
Auto (UNL) email account provisioning for existing employees
All new university-owned endpoints are enrolled in management where made available by NU ITS, and comply with Baseline Endpoint configuration controls
March 1, 2023
Existing email forwarding removed (account and rules)
Ending legacy email protocols. Must use email clients that support modern authentication.
All university-owned endpoints are enrolled in management where made available by NU ITS. Essential Security services will be applied to all managed endpoints (Cortex XDR, Vulnerability and Patch Management)
August 1, 2023
University faculty and staff must use university email accounts for university business.
Enforce security requirements on Medium-Risk Network (Level 3) and VPN. BYOD will require OnGuard to access Medium-Risk (Level 3) University systems while on campus. This includes using a modern and patched OS, Cortex XDR, disk encryption, and a firewall.
Security Awareness Training requirements for current employees completed.
Removal of shared accounts for accessing university Information Systems.
Enforce security requirements for university endpoints on Low-Risk Network (Level 2). Will require individual accounts to authenticate university endpoints to Low-Risk Network (Level 2).
March 1, 2024
Inventory duplicate systems and services.
All university-owned endpoints will comply with Baseline Endpoint configuration controls. Will be enforced on university networks.
July 1, 2025
Duplicate systems and services are deprovisioned.
University information systems shall be used for university business and university data and records shall not be stored outside of university information systems.