Current CPP IT Security Efforts

Vulnerability and Patch Management

CSU and CPP security policy and standards requires all campus computer systems to be updated and patched to mitigate critical information security risk.  IT&IP regularly schedules computer updates and automatically applies all necessary patches. 

The university makes a concerted effort to ensure all CPP managed devices are current with patches to ensure they are protected.  

Access Management - Disable User Access Appropriately and Timely

Data created and used by the California State University System (CSU) and Cal Poly Pomona (CPP) are critical assets and should be appropriately secured per CSU policy. The CSU and Cal Poly Pomona are expected to safeguard its data, preserve network and information system integrity, and ensure continued delivery of services to users.

 Lack of protection to CSU and campus data increases the risk of information security breaches that could result in financial penalties and loss of trust from our campus community and the public.
Improper administration of user-access privileges and inactive accounts increases the risk of inappropriate access to CSU and Cal Poly Pomona information assets and resources. 

The practice of least privilege restricts access rights for users, accounts, and computing resources to only those data and resources absolutely required.

Specifically, Cal Poly Pomona may need to limit access to its information assets and to use appropriate means to safeguard its data, preserve network and information system integrity, and ensure continued delivery of services to users.

User access should be appropriately and timely disabled when users no longer have a business need to access applications that contain sensitive data.

For more information refer to CPP's Guidelines to Disable User Access Appropriately & Timely (2023) (PDF).