Tools & Templates

Information Assurance (IA) provides a variety of guides, tools, services, and best practices recommendations to help IT professionals secure their systems and devices. 

Hardening Guides & Tools

Sensitive Data Protection

  • Access to Employee-Held Data for U-M Units. Units may request access, for business purposes, to university data held in the U-M-provided account or service of an employee or terminated employee in accordance with U-M policy, athough it is preferable to have the employee transfer the information.
  • Data Classification Levels. All U-M institutional data is classified into one of four classifications or sensitivity levels. Learn about the levels and security requirements for each one.
  • External Funding and Information Security Requirements. The U-M Office of Research coordinates with IT security professionals to meet requirements of government grants or contracts. 
  • Requesting Addition of a Service to the Sensitive Data Guide. Don't see a service listed in the Sensitive Data Guide? Here's how to ask that the service be considered for inclusion.
  • Sensitive Data Discovery. Checks done on MiWorkspace computers to ensure sensitive data is not being stored unnecessarily or improperly. Available to non-MiWorkspace units on request.
  • Sensitive Data Guide to IT Services. The Sensitive Data Guide allows you to look up services or data types to determine the appropriate places to store and work with U-M data.

Planning, Compliance & Risk Mitigation

  • Disaster Recovery Management. Information and templates for IT disaster recovery planning at U-M.
  • MITN: Shared Threat Intelligence at U-M. This shared intelligence repository is used to block attempted attacks on U-M email infrastructure, networks, and other central and unit-based systems. U-M units can host MITN sensors and/or make use of the shared MITN data.
  • Penetration Testing (Ethical Hacking). A more intrusive active exploitation of security vulnerabilities, only at the request of units or system owners, used to proactively test a critical system.
  • Risk Analysis (RECON). A risk assessment methodology used to assess threats and vulnerabilities to mission critical U-M systems and applications, or to systems storing sensitive data.
  • Third Party Vendor Security & Compliance. A guide for reviewing and monitoring external service providers that access, maintain, or process institutional data.
  • Vulnerability Scanning Services. These automated scans are designed to identify software vulnerabilities, missing system patches, and improper configurations. All U-M networks are scanned quarterly, and units can request on-demand and more frequent scans at no charge.

Security & Privacy Best Practices

  • Erasing U-M-Owned Devices. How to properly erase university-owned devices for disposal or transfer. The KillDisk tool is available for your use on university-owned computers.
  • Network Printing Best Practices. How to prevent some common networked printer issues, such as spam, denial of service attacks, and other issues that waste your time and resources.
  • U-M Safe Computing Website Checker (Chrome Extension). Encourage your faculty and staff to install the Chrome extension that warns users when they are about to visit malicious websites masquerading as the U-M Weblogin page. 

Additional Tools

  • Passwordstate. Units on all U-M campuses may implement Passwordstate through a U-M license for use by their faculty, staff, and students. Use of U-M's Passwordstate license is intended for unit implementations; it is not available to individuals other than through their units. For details, see Passwordstate Use at U-M.