Submit EPS Exception for Billboards & Kiosks
This is for all who want to us a pc stick or other device for a billboard or a kiosk
Table of Contents
Information
This section would detail content for policy process or troubleshooting information. Information included in this section should be written for the basic understanding of someone new to the team or first discovering the process. Include pictures that assist in validating when someone new is successful in following along with the documentation. Documentation should not contain assumed knowledge without a link to the documentation outlining the referenced process.
Sub-bullets in this section should be formatted as Heading 3 or 4 if the author would like these to be included in the table of contents.
Escalation
Here is the section to list an escalation point(s) to contact on process or documentation.
Related Documentation
These instructions are for submitting an Endpoint Protection Standard (EPS) exception form for Billboard and Kiosk systems in the OIT Managed Desktop environment. Billboards serve digital signage content, such as websites and slides, on a display screen such as the campus Billboard service. Kiosks serve as general use systems and are typically walk-up style for public use.
Explanation
Since Billboards and Kiosks do not meet the 10.1.3 Authentication requirement of the Endpoint Protection Standard then the use of Billboard and Kiosk systems require filling out the exception form. OIT employees cannot submit these Exception requests for you, as they have to be renewed annually and need departmental staff to decide whether they are still needed. The Security Control (Also known as Compensating Control or Alternate Solution) for the Billboards and Kiosks Authentication requirement is completed through the use of a restricted auto-logon service account, which has been approved for use by the OIT Security and Compliance team. Any Purple data cannot be accessed, viewed, cached, or saved and Red data can be viewed but not cached/saved.
Exception Process for Billboard and Kiosk Systems
Only the OIT Managed Desktop Service specific fields or information is addressed in this article. Other required fields are self-explanatory.
- Open the IT Exception Request Form
- If you have more than a few of these you can create a Google Sheet and submit them all at once.
- Exception Type is “Exception - Security Control Compliance”.
- Step 3 - Choose "OIT TSS -- Technical Support Services" as the support owner
- Select the button next to Endpoint Protection Standard as the Security standard for which you are requesting the exception
- Type Authentication in the field box below
- Include the following verbiage for “Step 4: Justify Your Exception Request”
“The OIT Managed Desktop Service provides Kiosk/Billboard OU’s that are compliant with all controls on the EPS except authentication. A special configuration using service accounts with hidden and controlled authentication was developed with the approval of Andrew Kotynski and the OIT Managed Desktop Technical team. The Billboard & Kiosk configurations are the only managed option available for the justified use case.”
- Include the following verbiage in the box “What compensating control are you implementing?”
“Andrew Kotynski approved the Authentication Exception Compensating Control as being that the systems auto-logon with a restricted Active Directory service account.”
- Complete the remaining steps and click the Submit button to complete the form.
Title: Submit EPS Exception for Billboards & Kiosks
Service: IT Service Delivery & Support
Template if applicable: (Is there a Help Desk or MDS template for the Application? If one is needed, the Service desk can assist.)
Assignment Group(s): (Managed Desktop_Support
Document Owner: David DeFoor
Available Priorities: Critical, High, Medium, Low
Keywords: Kiosk, PC stick,EPS, Billboard,Exception, Submit