This attestation applies only to University of Oregon faculty, staff, and contractors who access sensitive University of Oregon information assets, and use a personally owned device as a multi-factor authentication (MFA).
Under this regulation, employees or contractors utilizing personal devices are responsible for maintaining basic device security compliance, including but not limited to:
- employing a minimum four-digit PIN,
- enabling inactivity auto-locks,
- utilizing data-at-rest encryption,
- promptly reporting lost or compromised authentication devices to the Information Security Office,
- applying vendor security patches within 15 days of release
- annual completion of the compliance attestation
Please view the complete policy at the CISO secure-u.uoregon.edu website, specifically at Authentication Standard, which can be accessed after logging in with a valid DuckID to the secure-u.uoregon.edu website.
How to Complete the Attestation
To complete, click Complete Attestation (top right of the page), review the requirements, and acknowledge the attestation.
Note that there is a check-box list for various applications to which you may have access. While at this time the MFA Attestation only applies to Banner Administration, other applications may submit this request to their users. At this time, you are welcome to note any other specialty applications that you may use to access sensitive information assets.
If you are not aware of the other applications in the list, or do not have access to them, then they do not apply to you and you can leave them unmarked.
Questions
Questions, exceptions, violations, and other information can be found at the Authentication Standard policy website.