Laptop Purchases

 

What to know about buying a laptop

 

Purchasing a Laptop

  • Coordinate with School or Department purchasing staff to review reimbursement procedure and seek approved vendors before initiating a purchase.
    • Approved vendors include:
      • Vendors at UCI Buy
        • You'll see links to vendors selling Apple and HP products.
        • You can set up a quote
      • Quotes obtained from HSSOE IT staff with UC-contracted pricing and educational discounts
    • Example laptop models:
      • OIT publishes UCI hardware standards for laptops.
      • You should include a 4-year on-site warranty and accidental damage coverage
      • Disk encryption is mandatory
  • Review UC Security Policy on Mobile Devices (below) BEFORE making a purchase
    • You might be asked to work with School IT to enable and verify security standards have been met on your purchased laptop before reimbursement is initiated.
      • Send a message to helpdesk at eng.uci.edu for assistance
  • Include extended warranty (3-4 years) with business-level support.
    • Contact School IT staff for recommendations.

 


Security Requirements

Laptop purchases must meet UCOP security requirements

  • Please review the UCOP website for Systemwide Security Controls.
  • These standards are for EVERYONE (faculty, staff, volunteers, student workforce members, etc.) and ALL DEVICES.
    • The policy does not apply to end-user devices used and owned by students for the purposes of attending the University and completing projects.
  • Details regarding the policy can be found in this UCOP Minimum Security Document.

 

Summary of UCOP's Security Requirements on Mobile Devices

  1. Anti-malware: Anti-malware software must be installed and running up-to-date definitions.
  2. Approval and Inventory: Confirm devices can be secured before making a purchasing decision.  Make sure IT Resources and Institutional Information are appropriately recorded in Location inventory.
    • BitLocker is not available on Windows 10 Home version. Therefore, Windows 10 Home is not appropriate for University business.
    • Some manufacturers have blocked the ability to reinstall an OS.
    • Do not assume you can upgrade to Windows 10 Pro from Windows 10 Home.
  3. Backup and Recovery: Institutional Information classified at Availability Level 3 or higher must be backed up and recoverable. Backups must be protected according to the classification level of the information they contain.
  4. Encryption: All portable computing devices must be encrypted.
    • This policy is defined by UCOP and includes all laptops.
    • Encryption on Windows 10 Pro MUST be enabled.
      • BitLocker is not available on Windows 10 Home version. Therefore, Windows 10 Home is not appropriate for University business.
    • Encryption on Macs MUST be enabled
  5. Encrypt Portable Media: Portable media containing Institutional Information classified at Protection Level 3 or higher must be encrypted and safely stored.
  6. Host-based Firewall: If host-based firewall software is available on a device, it must be running and configured to block all inbound traffic that is not explicitly required for the intended use of the device.
    • Built-in Windows Firewall is fine and it must be enabled (it's usually enabled by default)
    • Mac Firewall
    • Block all incoming traffic. Do not create exceptions unless necessary for laptop use.
    • Carefully review exceptions created by software installations.
  7. Local Admin or Administrator: Non-privileged user accounts must be used and only elevated to root or administrator when necessary.
  8. Password/PIN lock: Secure devices with a strong password, PIN, smart card, or biometric lock.
    • Do not enable auto login
  9. Patching: Supported security patches must be applied to all operating systems and applications.
  10. Physical Security: Devices and Institutional Information must be physically secured.
  11. Session Timeout: Devices used to store or access Institutional Information or IT Resources classified at Protection Level 2 or higher must employ lockout/screen-lock mechanisms or session timeout to block access after a defined period of inactivity (15 minutes or Location limit). Mechanisms must require re-authentication before a return to interactive use.
  12. Supported Operating Systems: Run a version of the operating system that is supported by the vendor
    • Do not use outdated or unsupported operating systems such as Windows XP