SPS-IT: SPS Policy on Endpoint Detection and Response (EDR) and Vulnerability Assessment Scanning (VAS)

1. Purpose

This policy defines which systems in the School of Physical Sciences (SPS) must run EDR and VAS protection, outlines exemption criteria, and describes the process for requesting exceptions. It aligns with UC San Diego’s Security Exception Policy. 

2. Scope

This policy applies to all SPS devices (including servers, workstations, instruments and other devices) that are compatible with campus security software and connected to the UCSD network. Oversight is provided by SPS-IT and the Office of Information Assurance (OIA).

3. Systems Requiring EDR/VAS

Protection is required for:
  • Vendor-supported instruments and data acquisition (DAQ) systems.
  • Stand-alone data processing and visualization workstations.
  • Public-facing services and applications.
  • Desktop environments and portable computers.
  • Devices listed as compatible with EDR/VAS tools.
  • Systems subject to UC San Diego’s baseline security standards (e.g., antivirus, firewalls, vulnerability scanning).
  • General-purpose servers (file, application, database, mail, VM).

4. Exemption-Eligible Systems

Exemptions may be considered in circumstances including, but not limited to, the following:
  • High-performance systems where EDR/VAS degrades performance.
  • DAQ systems that require real-time operation.
  • Legacy systems with no upgrade path.
  • Storage systems with conflicting security controls.
  • Specialized research or medical equipment.

5. Requesting an Exception

PIs or system owners must submit the Vulnerability Remediation Exception Request Form with:
  • Justification for exemption.
  • Description of performance, reliability, or compliance impact.
  • Proposed alternative safeguards.
  • Duration of exemption.
  • Approvals from the Unit Information Security Lead (UISL) and Unit Head (if applicable).

6. Requirements for Exempted Systems

All exempt systems must implement mitigation strategies that should include, at a minimum, the following:
  • Use private VLANs/IP spaces and firewalls (when applicable).
  • Implement alternative protections (e.g., segmentation, logging, restricted access).
  • Be manually monitored for threats.
  • Undergo annual review for continued exemption.

7. Enforcement

The SPS Research IT Advisory Committee (RITSAC) and the Dean ensure oversight.
  • Periodic audits will verify that exceptions are valid and risks mitigated.
  • Exceptions can be revoked if systems are found vulnerable or exploited.
  • Units are responsible for maintaining security compliance.
  • Incidents of non-compliance are escalated to the UCSD Computer Incident Response Team (CIRT).

Questions or Requests

Contact SPS-IT at: sps-it@ucsd.edu

Want to stop by for in-person support? Mayer Hall 3405
(Same-day appointments M-F 8:00-3:00PM)