Jan 20, 2026 - Atlanta, GA

Georgia Tech Cybersecurity and distributed campus IT partners have initiated a phased rollout of the Institute’s Computer Security Standard (CSS). The CSS will apply consistent security controls across all desktops, laptops, and servers used to store, process, or transmit Georgia Tech data. The standard will bolster Georgia Tech’s cyber defense posture and align the Institute for meeting regulatory and contractual research requirements. 

Beginning Feb. 20, all newly provisioned or rebuilt computers must meet the CSS compliance requirements. Existing systems will transition to compliance through a phased implementation plan, extending through December 2026. 

“This standard is foundational to a researcher's ability to safeguard the integrity of their research activities and data, as well as to the broader need to protect the integrity of the research enterprise. The flexible approach aligns with industry best practices while supporting our wide-ranging research needs and methods.” Said Tanta Myles, Associate Vice President for Research Integrity Assurance. 

“The CSS ensures that we meet federal regulatory and contractual requirements to safeguard the Institute’s research, data, and operational integrity,” said Joe Lewis, Georgia Tech chief information security officer. “We are focused on building scalable, flexible processes that support both compliance and innovation.” 

Endpoint Management 

The Computer Security Standard outlines the minimum-security requirements for all endpoints including: 

  • Endpoint management (e.g. Intune, JAMF, Salt) for devices 
  • Approved antivirus and endpoint detection tools 
  • Encryption for laptops and endpoint systems 
  • Controlled administrative privileges 
  • Device categorization and lifecycle tracking for IT assets 

IT support teams will assign a classification: Default, Alternate Control Plan (ACP) 1, 2, or 3, based on the system’s role. These classifications determine the phase and deadlines for each specific control. A formal exception process is in place for research and instructional devices requiring unique configurations.

Resources and Support 

To support this transition, Cybersecurity will maintain the CSS Companion Guide for IT staff and host training workshops. The Information Security Procedures, Standards, and Guidelines webpage will be routinely updated, outlining required steps and additional resources and tools. For additional questions or support, please contact support@asc.gatech.edu. 

Sidebar

Implementation Timeline:

  • Phase 1 - Feb. 20: Compliance for Newly Provisioned & Rebuilt Computers
  • Phase 2 - June 20: High-Risk & Regulated Systems Compliance
  • Phase 3 - Sept. 20: Default & Alternate Control Plan 1 Compliance
  • Phase 4 - Dec. 31: Alternate Control Plan 2 and 3 Compliance / Mitigation