Service Description
This catalog item allows you to register or deregister High Protection Obligation University IT technology as required by the UNC Standard on Information Security Controls (MSS). This registration is held with the Information Security Office (ISO) and is used for multiple purposes but primarily for vulnerability management activities.
When to register a High Protection Obligation University IT asset
The MSS defines High Protection Obligation for systems processing, storing, or transmitting up to Tier 3 “restricted” data that has a “need to know” obligation or technology designated “Critical IT infrastructure.” If an IT asset meets any of these criteria, it must be registered. The University Information Security Office (ISO) may designate systems as High regardless of unit determination.
When to de-register a High Protection Obligation University IT asset
De-registering a High Protection Obligation asset might be needed for various reasons such as the protection obligation for the asset is stepped down, data that is processed is stepped down or the asset has been decommissioned. To that end, please use this to de-register High Protection Obligation assets.
Audience
IT Employees and other “Responsible Persons” under the MSS
Documentation
User/Customer Responsibilities
If your request is for multiple assets, you must send the HPO Multiple Assets Template sheet available in the Attachments section of this page.
If you have any questions regarding registering or deregistering High Protection Obligation assets, please contact the ISO at security@unc.edu!
Expected Delivery
5 Business Days