All University-owned laptops, desktops, smartphones and tablets ("devices"), personally owned devices used on the Stanford Network, and personally owned devices that could be used to access Protected Health Information (PHI) or other High Risk Data must comply with Stanford's Endpoint Compliance rules. The Endpoint Compliance reports provide the information to monitor compliance of the devices that connect to the Stanford network.
Access to the Endpoint Compliance reports is granted via the Authority Manager application. Org authority is applied so users only see device data as it pertains to the organization that they support.
Report updates are made every four hours. For system and department administrators, local desktop support and management, these reports are critical in ensuring progress to the information security mandate. All reports are a point in time only and are sourced from five different systems.
- Provides compliance information to groups, managers, and support staff.
- Coordinates, collects, and compiles information on computer endpoint identification and encryption compliance from several databases across the University.
Purpose of the reports
The Endpoint Compliance reports show device compliance as defined by the information security mandate across groups, departments, and the University as a whole. These reports augment reports available via the management tool AirWatch (for mobile devices) or BigFix and VLRE (for laptops and desktops).
The Compliance Summary report provides organizational device numbers, and can be used to track overall progress for an organization to the security mandate. The Compliance Summary report can also be viewed by device type for an organization.
The Detail report provides details about a device as it pertains to its compliance status: is it encrypted, is it managed or monitored, have the Device Enrollment App questions been answered, has it been disavowed, etc. Information from source systems are consolidated into one line per device through a search/match rules engine. This report can be used to get detailed information on devices that are non-compliant and to determine where additional device information is needed (for example, where the Device Enrollment App has not been completed).
These reports also show "bad" data; that is, data that the search/match rules engine could not use. Anything that shows up on the report as "Unknown" indicates unmatchable values. (Blanks and null values are considered "unmatchable.") This is an opportunity for system and department administrators and local desktop support staff to clean up device data in the source systems so that downstream compliance can be determined.
Access to the Endpoint Compliance reports is granted through Authority Manager. If you need access to these reports, contact the IT manager for your department.