This attestation applies only to University of Oregon faculty, staff, and contractors who access sensitive University of Oregon information assets, and use a personally owned device as a multi-factor authentication (MFA).
Under this regulation, employees or contractors utilizing personal devices are responsible for maintaining basic device security compliance, including but not limited to:
- employing a minimum four-digit PIN,
- enabling inactivity auto-locks,
- utilizing data-at-rest encryption,
- promptly reporting lost or compromised authentication devices to the Information Security Office,
- applying vendor security patches within 15 days of release
- annual completion of the compliance attestation
Please view the complete policy at the CISO secure-u.uoregon.edu website, specifically at Authentication Standard, which can be accessed after logging in with a valid DuckID to the secure-u.uoregon.edu website.
How to Complete the Attestation
To complete, click Complete Attestation (top right of the page), review the requirements, and acknowledge the attestation.
The form includes a checkbox list of applications. While the Authentication Standard MFA Attestation currently only applies to Banner Administration, located at banner.uoregon.edu, other applications may request this in the future. We have added the additional applications for efficiency, but for now, please feel free to select any additional specialty applications you use to access sensitive information assets.
If you are not aware of the other applications in the list, or do not have access to them, then they do not apply to you and you can leave them unmarked.
Questions
Questions, exceptions, violations, and other information can be found at the Authentication Standard policy website.