IT Security
  /  
Endpoint Security Support Portal
Frequently Asked Questions

Why is this change happening?

Northwestern University now requires all devices to meet the Endpoint Security Standard. This ensures that university-owned and personal devices used for teaching, research, and administration are protected against cyber threats and remain compliant with institutional policies. 

Who is responsible for device compliance? 

  • McCormick-managed devices: McCormick IT fully manages these systems, ensuring compliance, security updates, and configuration. 
  • Self-managed devices: Faculty who choose to manage their own equipment are responsible for meeting the security standards. To support this, McCormick IT has developed the Endpoint Security Portal. 

What resources are available in the Endpoint Security Portal?

  • Security Standards: Guidance on what’s required to stay compliant.
  • Configuration Instructions: Step-by-step setup and maintenance instructions.
  • Inventory Tools: Department-specific spreadsheets to track devices, purchase/retirement dates, and attestation.
  • Self-Attestation Guidance: Instructions to confirm your device records annually.

What do I need to do if I self-manage my devices?

  1. Add all your devices to your department’s spreadsheet (link sent via email).
  2. Update records when devices are purchased, retired, or reassigned.
  3. Complete annual attestation to confirm device compliance.

Can I delegate these tasks?

Yes. You may assign one or more designates to manage your group’s device inventory. Share their name(s) with your BA or McCormick IT who will then grant them access to the inventory spreadsheet.

What constitutes a device?

For this exercise, a device is anything that is capable of connecting to the network. Examples include desktops, laptops, servers, Raspberry Pis, computers embedded in research equipment that need network access.

What about personal devices?

A personal device is one that is purchased without Northwestern University funds or through reimbursement. If a personal device is used to conduct University research, it needs to adhere to the Endpoint security standards as outlined in the Configuration Instructions, but does not need to be included in the inventory.

Do I have to self-manage?

No. McCormick IT is happy to manage and maintain compliance for your devices. If you prefer not to take on these responsibilities, simply request IT management for your systems.

What is attestation and how often is it required?

Faculty must annually confirm the status and end-user assignments of each device by ensuring the asset inventory spreadsheet is kept up to date.

How is the asset inventory managed?

McCormick IT provides each department’s faculty with an asset inventory spreadsheet, which includes:

  • A separate tab for each faculty member’s devices.
  • A simple, shared format for entering and referencing required asset information.

What about NU-owned devices used at home?

The standard applies to the device in any location.

What about joint appointments?

Record your inventory under your primary department.

What do I do if I don't see my tab in my home department's spreadsheet?

Just reach out to McCormick IT at mccit@northwestern.edu and the template tab will be cloned for you and access to the sheet will be granted. This should only be the case if you're a new faculty member, you changed departments, or your appointment's allocation changed (see question on joint appointments).

How do we request exceptions?

  • Currently, the emphasis is to identify and inventory university assets
  • Once the asset inventory process is completed, we will share details on how to request an exception

Is the PO number required for all devices?

  • It's required for all new purchases.
  • If it's readily available for previous purchases, include it. If it's not easy to obtain, it may be omitted.

What do I need to do to maintain my inventory and attest to my devices? How often?

  • Annually review your device records in the sheet.
  • Update any changes including new or decommissioned devices.
  • Update the "Date Record Last Reviewed" to confirm records have been reviewed for accuracy.

Where can I get help?

If you have questions about compliance, spreadsheets, or the portal, contact McCormick IT at mccit@northwestern.edu. McCormick IT is here to help make this process as smooth as possible.