Middle Georgia State University Policy Manual

11.2.1 Antivirus Policy

1.0 Overview

MGA is committed to maintaining a secure and resilient technology environment in alignment with USG cybersecurity standards. This policy establishes the requirement for antivirus protection on all computing devices that connect to MGA’s network infrastructure. By enforcing consistent antivirus safeguards, MGA aims to prevent malware infections, protect institutional data, and ensure uninterrupted access to academic and administrative resources.

2.0 Purpose

To ensure the security and integrity of MGA’s information systems and data, this policy establishes minimum antivirus protection requirements for all devices connecting to MGA networks.

3.0 Scope

This policy applies to all computing devices—whether institutionally owned or personally managed—that connect to MGA’s network infrastructure via any access method, including but not limited to:

• Local Area Network (LAN)
• Wide Area Network (WAN)
• Virtual Private Network (VPN)
• Wireless connections

4.0 Policy

All devices connecting to MGA networks must have antivirus software installed and actively running. The antivirus solution must meet the following requirements:

• Real-time protection must be enabled to detect and prevent malware threats.
• Automatic signature updates must be configured to ensure the software remains current with the latest threat definitions.
• The antivirus software must be regularly maintained and updated to include the latest patches and security enhancements.

Devices that do not comply with this policy may be denied access to MGA network resources until compliance is verified.

5.0 Enforcement

To ensure compliance, the MGA Cybersecurity department may use scanning, sniffing, and other auditing tools to detect unprotected or compromised systems. Network access or user accounts may be suspended without notice if a device is found in violation of this policy. Access will be restored once the issue is resolved and compliance is confirmed.

Host Information Profile (HIP) checks may be used to validate compliance with this policy before allowing VPN access.

Policy violations may also result in disciplinary action in accordance with MGA and USG guidelines.

6.0 Exceptions

Any exceptions to this policy must be formally requested and approved by MGA’s Chief Information Officer and Chief Information Security Officer. Approved exceptions must be documented and reviewed annually.

7.0 Definitions

• Antivirus Software: A security application designed to detect, prevent, and remove malicious software (malware), including viruses, worms, trojans, and spyware.
• Real-Time Protection: A feature of antivirus software that continuously monitors a system for malicious activity and threats, providing immediate alerts and remediation.
• Signature Updates: Regular updates to an antivirus program’s database that enable it to recognize and respond to the latest known malware threats.
• Network Access Methods: The various ways a device can connect to MGA’s network, including Local Area Network (LAN), Wide Area Network (WAN), Virtual Private Network (VPN), wireless (Wi-Fi), and dial-up connections.
• Non-Compliant Device: Any computing device that does not meet the antivirus requirements outlined in this policy, including lack of antivirus software, disabled real-time protection, or outdated virus definitions.
• Cybersecurity Department: The designated unit within MGA’s Office of Technology Resources responsible for implementing and enforcing cybersecurity policies, monitoring network activity, and responding to security incidents.
• Auditing Tools: Software or techniques used to monitor, scan, and analyze network traffic and system configurations to detect vulnerabilities, threats, or policy violations.