內 容
|
一、 法規與合規性依據 依據行政院「各機關對危害國家資通安全產品限制使用原則」、教育部資通安全相關規範,並配合本校 ISO/IEC 27001:2022 資訊安全管理系統(ISMS)之規範辦理。
二、 設備盤點作業 為強化校園網路基礎設施防護,請各單位財產保管人登入「校務資訊系統 > 電算中心 > 物聯網設備管理」,確實清查並完整登錄單位所屬之公務用物聯網設備(如:網路攝影機、路由器、具網路功能之印表機/事務機等)之現況資訊。
三、 檢視與防護落實 針對具備連網功能之設備,請併同檢視並確實執行下列資安防護作業:
•汰換限制產品: 依行政院前揭原則,確實盤點並全面汰換(或停用)危害國家資通安全之廠牌設備(含軟體、硬體及服務),以控管供應鏈資安風險。
•強化通行密碼: 設備嚴禁使用出廠預設密碼,須設定高強度密碼並妥善管理。
•維持版本更新: 應定期檢視並更新設備韌體(Firmware)至原廠釋出之最新安全版本。(若有疑義,建議聯繫維護/合約廠商。)
•最小化服務: 檢視設備網路設定,若無外部連線需求,應關閉不必要之網路埠及遠端管理功能。
四、 本案攸關本校整體資訊環境安全與法規遵循,敬請各單位務必配合於期限內完成辦理。
在填入物聯網設備資訊過程中有任何疑問,歡迎聯繫:
•承辦單位:電算中心 資訊網路組
•聯絡分機:
中央校區:11572、11571
建國校區:22450、22585
介仁校區:31630
=============================================================================
I. Regulatory and Compliance Basis
This notice is issued in accordance with the "Guidelines for the Restriction of Use of Products that Pose a Risk to National Information Security" established by the Executive Yuan, relevant information security regulations set by the Ministry of Education, and the requirements of the ISO/IEC 27001:2022 Information Security Management System (ISMS) implemented by this university.
II. IoT Device Inventory Process
To enhance the security of campus network infrastructure, all property custodians are required to log in to the "Campus Information System > Computer Center > IoT Device Management" module. Please thoroughly inventory and accurately record the current status of all official IoT devices under your unit is jurisdiction, such as network cameras, routers, and network-enabled printers or office machines, by July 31, 2026.
III. Security Review and Implementation
For all network-connected devices, please review and strictly implement the following information security measures:
Replacement of Restricted Products: In accordance with the aforementioned Executive Yuan guidelines, conduct a comprehensive inventory and fully replace (or deactivate) devices from brands identified as posing a risk to national information security, including hardware, software, and services, to manage supply chain security risks.
Strengthening Passwords: Devices must not use factory default passwords. Please set strong passwords and manage them securely.
Maintaining Version Updates: Regularly review and update device firmware to the latest secure version released by the manufacturer. (If any questions arise, please consult the maintenance or contract vendor.)
Minimizing Services: Review device network settings. If external connectivity is not required, unnecessary network ports and remote management functions should be disabled.
IV. Importance and Timely Compliance
This matter is critical to the overall information security and regulatory compliance of the university. We kindly request all units to cooperate and complete the required procedures within the specified timeframe.
For any inquiries regarding the input of IoT device information, please contact:
Responsible Unit: Computer Center, Information Network Division
Contact Extensions:
Central Campus: 11572, 11571
Jianguo Campus: 22450, 22585
Jieren Campus: 31630
Respectfully,
Computer Center
Tzu Chi University |
|