These instructions are for submitting an Endpoint Protection Standard (EPS) exception form for Billboard and Kiosk systems in the OIT Managed Desktop environment. Billboards serve digital signage content, such as websites and slides, on a display screen such as the campus Billboard service. Kiosks serve as general use systems and are typically walk-up style for public use.
Information
Because Billboards and Kiosks do not meet the 10.1.3 Authentication requirement of the Endpoint Protection Standard, using Billboard and Kiosk systems requires filling out the exception form. OIT employees cannot submit these exception requests for you, because they have to be renewed annually and departmental staff need to decide whether they are still needed. The Security Control (also known as Compensating Control or Alternate Solution) for the Billboard and Kiosk Authentication requirement is the use of a restricted auto-logon service account, which has been approved for use by the OIT Security and Compliance team. Purple data cannot be accessed, viewed, cached, or saved; Red data can be viewed but not cached or saved.
Exception Process for Billboard and Kiosk Systems
Only the fields and information specific to the OIT Managed Desktop Service are addressed in this article. Other required fields are self-explanatory.
- Open the IT Exception Request Form
- If you have more than a few of these you can create a Google Sheet and submit them all at once.
- Exception Type is “Exception - Security Control Compliance”.
- Step 3 - Choose "OIT TSS -- Technical Support Services" as the support owner
- Select the button next to Endpoint Protection Standard as the Security standard for which you are requesting the exception
- Type Authentication in the field box below
- Include the following verbiage for “Step 4: Justify Your Exception Request”
“The OIT Managed Desktop Service provides Kiosk/Billboard OU’s that are compliant with all controls on the EPS except authentication. A special configuration using service accounts with hidden and controlled authentication was developed with the approval of Andrew Kotynski and the OIT Managed Desktop Technical team. The Billboard & Kiosk configurations are the only managed option available for the justified use case.”
- Include the following verbiage in the box “What compensating control are you implementing?”
“Andrew Kotynski approved the Authentication Exception Compensating Control as being that the systems auto-logon with a restricted Active Directory service account.”
- Complete the remaining steps and click the Submit button to complete the form.
Escalation
Any questions on process or content contained in this document should be escalated through the NCSU Help desk and have an incident assigned to the OIT_DESKTOP_SUPPORT team.
Related Documentation
https://oit.ncsu.edu/it-security/it-exception-request/it-exception-request-form/