UH Device Registration Program
Annual Device Registration Requirements
All servers and network devices (firewalls, VPN gateways, routers, etc.) operating on the University of Hawaiʻi network must be:
- Reported in the Device Registration database
- Continually scanned and remediated for vulnerabilities and missing patches (at a minimum, annually)
- Scanned for PII which includes Social Security Numbers, Driver's License Numbers and/or credit card or bank account information on a regular basis (at a minimum, annually)
- If the device does contain PII, it must be reported, as required by HRS §487N
Note: Devices that are not registered, scanned and remediated will not be permitted to operate on the UH Network. ITS will proactively seek out active devices throughout the UH network by performing network and vulnerability scans. ITS will attempt to provide warning before blocking unregistered active devices that are found.
Endpoints that store sensitive or regulated data must also be registered in the device registration and a Personal Information Survey must be completed.
Device registrations are considered "completed" when all information is filled out and scan dates are between 1/1/2024 - 09/20/2024.
Requirements for Registering a Server / Network Device
The Device Registration database can be accessed here: https://www.hawaii.edu/its/device/registration/.
For instructions on how to navigate the Device Registration database visit our AskUs article: https://www.hawaii.edu/askus/1748.
To complete the registration for your server/network device, you will need to:
- Verify any information about currently registered device
- Perform a vulnerability scan of your device
- Scanning may be performed using the ScanUH vulnerability scanning service, Nessus Agents, or an approved Nessus Scanner. Link to ScanUH: https://scanuh.hawaii.edu/scanner.
- Remediate/patch any vulnerabilities discovered
- Scan for Personally Identifiable Information (PII)
- If found, fill out a UH Annual Personal Information Survey
- Enter the dates scanned in your device registration record, and acknowledge the terms
Requirements for Registering an Endpoint
The Device Registration database may be accessed here: https://www.hawaii.edu/its/device/registration/.
For instructions on how to navigate the Device Registration database visit our AskUs article: https://www.hawaii.edu/askus/1748.
To complete the registration for your endpoint, you will need to:
- Verify any information about currently registered endpoints
- Acknowledge the terms
- Complete the Personal Information Sruvey for your data repository. See https://www.hawaii.edu/its/information/survey/.
PII Scanning:
The University of Hawaiʻi has licensed Spirion https://www.hawaii.edu/askus/1297, a software product for Windows and Macintosh systems, to search for social security numbers, credit card numbers, birthdates, driver’s license numbers, etc. If you have a UNIX/Linux system, you will need to use another utility: Find_SSN: http://www.hawaii.edu/askus/1323. Another option is to mount the UNIX/Linux filesystem on a Window or Mac system. From there you can run Spirion, and have it scan the mounted filesystem.
If Spirion or Find_SSN detects PII: Per Hawaiʻi State Law and UH Policy, if your server contains a repository of PII, it must be reported using the UH Annual Personal Information Survey located at: https://www.hawaii.edu/its/information/survey/. (You will be required to login with your UH username and password.)
Vulnerability Scanning:
To scan for vulnerabilities, use the ScanUH vulnerability scanning system. It can be found at: https://scanuh.hawaii.edu.
You must remediate all high and critical severity vulnerabilities before completing your device registration. For information about securing your servers, please visit https://www.hawaii.edu/infosec/minimum-standards/.