Question

How can I submit a BigFix exception?

Answer

To seek an exception, please submit a request to the Information Security Office at exceptions@ucdavis.edu, including the following information:

• Name and department of the computer owner.
• A description of the computer endpoint, including the OS, function or business purpose, IP address, and hardware address (Mac address).
• A brief description of why the desktop or laptop should be excluded.
• A description of what tools are being used to manage the desktop or laptop. 
• Responsible Party: the name, department and contact information of the individual who will ensure that the system is maintained in compliance with all UC and campus polices and regulations, and who is responsible if the system is compromised.

Exception requests may be submitted for faculty or staff computers.  By requesting an exception the Responsible Party is committing to maintain the computer in compliance with all UC and campus policies and any regulations that are applicable to the type of data that is used on the computer (e.g. PII, HIPPA, FERPA), and to assist the UC Davis Information Security Office in response to any security incidents related to the computer.

Exception requests may be submitted directly by faculty, or with faculty permission may be submitted by IT staff on behalf of faculty.  Requests may be submitted for groups of computers with the information above provided for each endpoint. 

Prior to denying any faculty member’s request for a BigFix exception, the Information Security Office will consult with the Academic Senate’s Committee on Information Technology or its designated representative.

In lieu of requesting an exemption from BigFix, faculty members may consider allowing the installation of BigFix for reporting purposes only, where the computer is set to be in a “locked” state in BigFix. Systems in a “locked” state are excluded from any actions by BigFix system administrators. BigFix is still beneficial in this context as the reported data can be used to identify vulnerabilities and address them outside of the BigFix system. Faculty should discuss the relative risks and benefits of this configuration with their local IT staff.

The following are additional examples of reasons why a device may be considered for an exception:

• Computers used solely to run research instruments, and not for email, Internet access, etc.  
• The installation of BigFix could compromise the integrity of research.
• The installation of BigFix could put the health or safety of humans or animals at risk.
• The endpoints are managed under contract with a vendor.
• BigFix will not run on the endpoint.

The following locations and devices are not included in the BigFix initiative. An exception request is not required.

• UC Davis Health, School of Medicine, School of Nursing
• Servers
• Tablets, phones and other mobile devices (except laptops)

This exception process will be reviewed at least annually, and updated if needed.