Discussion Topics from STAB Meeting on 8/23/2024

Promote the use of canvas by adjuncts

Do students get training on Banner audit?

Printing Controls: start AY26 (Fall of 2025)

Reach out to high users to encourage less printing

BYOD: start AY26 (Fall of 2025)

How get ITS laptop recommendations out to students?

BYOD safety net?

Leave 20% in labs

Safety net fund

Loaner pool

Laptop up cycle

Pell grant can get a tablet

Required software issues

Respondus Lockdown browser issues for testing (include the requirement in the course description in the course catalog and syllabi) (if students still uncomfortable then get loaner or use the 20% still in the labs)

Other IT initiatives:

MFA group mailboxes and individuals

MFA for any SSO application

Delete empty email boxes: Work down 80,000 users

Hybrid ID management: eliminate LDAP and only use Active Directory

Inventory of laptops

Laptops…lots of work to do to make classrooms plug and play

Laptop “check out center” in the STEM center via Sandra Suarez?

Email for retirees: @roadrunner vs @retiree vs @arch?

MicroSoft: A3 vs. A5 license?

Replacement options for phone system

Google Meet instead of WebEx? Teams?

BYOD for phones?

Attendance:

Melissa Van Der Wall Jenn Hicks McGowan Eddie Saiff

Joe Connell

Rob Doster Tim Babasade Rob Josic Patricia Chavez

Michael Yankovich

Joyce Shim

Michael Bitz

Status Update:

Compliance and Security

Gramm Leach Bliley Act (GLBA) Board Report

Penetration Test Update

NIST 800-171

Crowdstrike

Bitsight

SOC reporting

Back-up processes – discussed Ramapo’s approach; reminded all to store files on U and P as they get backed up daily

Went over presentation made to BOT Audit Committee

Policies, Protocols and Procedures:

The following have been recommended for review/creation by our CISO: Auditing Policy – create

Access Control Policy – break out of ITS Handbook into independent policy

ITS PII Policy – complete but not yet ratified

ITS Cybersecurity Policy – review and determine necessary ratification

Campus Administrative AI Policy (NOT Academic)

System Security Plan (SSP) – specific document for NIST, in process

Risk Register / Plan of Action and Milestones (POAM) – derived from SSP Acceptable Use Policy

Technology Procurement Policy

ITS Change Management Protocol – complete but 4yo so review then determine necessary ratification

Ongoing Projects:

Endpoint Hardware Deployment Network Hardware Deployment ERP Modernization

Experience

Banner Document Management

DegreeWorks

Power BI (we need to establish a timeline; we should also establish a group to help us with the planning and prioritization of work)

CourseDog

Ninjio – committee asked for another information campaign to share with the community about what this is (another Daily Digest; use a mass email)

Moving forward:

Acropolis Migration – Spring 2025

Phone System Replacement – Summer 2025

Identity Access Management initiatives:

Banner Ethos User Provisioning (EUP) – a new process that automates user creation, access rights assignment and Active Directory location based on role. Also automatically changes same when a user changes role or is no longer active. Replaces current CPImport process and provides a more secure, streamlined user maintenance process. – Summer 2025

Migrate away from Red Hat Directory Services LDAP to normalize on Microsoft Active Directory for all user identity access maintenance. Part of this is creating a cloud authentication process on MS Entra (formerly Azure) to enable cloud-based user authentication. This move will also allow us to retire our current password manager and replace it with MS Self Service Password Reset (SSPR) which is a significantly more robust password system. Lastly this will allow us to move from Duo for MFA to MS Authenticator which will allow us to cut costs while staying on a best in breed MFA system. – Late 2025/Early 2026

●    Announcements

○    RCNJ awarded a NJ-CCIC grant that pays for increased Crowdstrike coverage for campus with a value in excess of $400K over 5 years

●    Updates

○    Student Printing (200 sheets per year free; cost per sheet after…)

○    Degree Works training in August / September

o  Joint effort between Registrar and Student Success using Canvas (self-paced courses)

o  Course Dog training by Registrar, timeline to be determined over the summer

●    Other IT Initiatives:

○    Phone System Replacement

■    Google Meet or Teams Meetings to replace Webex Summer 2026

○    EUP (Ethos User Provisioning) implementation later this year – improves user access control and management processes (should be transparent to end users)

○    Email culling

○    Academic server upgrades

Compliance and Security

NIST 800-171 Standards. Reassessed our compliance with these standards over the summer, and we are over 92% fully implemented (note that 70% is considered aligned and is our minimum goal).

Bitsight. Our Bitsight score has been fluctuating between 700 and 720, primarily due to security on certain academic servers. ITS has been working with the faculty involved to remediate. (Note that Bitsight scores range from 250 (lowest) to 900 (highest); at 720, our Bitsight score puts us in the 80th percentile within higher education.)

We have been dealing with increased Phishing and Smishing activity over the last two weeks; the source has been compromised email accounts.

Policies, Protocols and Procedures

Completed and ratified by appropriate body: Business Continuity Plan

Business Impact Analysis

Data Protection (Personally Identifiable Information) Plan of Actions and Milestones (POAM, NIST related)

Final draft submitted for ratification:

Acceptable Use for Information and Technological Resources Policy

Cybersecurity Policy

Cybersecurity Protocols & Compliance Manual

Software, Hardware, and Supporting Devices Requests and Distribution Policy and

Procedure

In process, pre-final submission:

IT Risk Assessment Plan, Policy, and Procedure

System Security Plan

Guidelines for Secure Handling and Disposal of Documents under BDM

Website Policy (Note: we will have to deprecate support for “Pages” in the very near future. We are working to identify a list of current users so that we can collaborate with them to help them move their content to Canvas or to WordPress websites.)

Ongoing Projects:

Endpoint Hardware Deployment (Updating and replacing computers throughout campus to get all machines onto the Windows 11 OS; we are 79.5% of way there as of 1:30pm on 9/15/2025. Support for Windows 10 ends on 10/14/2025. We’ve gotten 1366 machines on to Windows 11; we have 352 to go before 10/14.)

Network Hardware Deployment – Research Network connected! ERP Modernization

Experience (We are planning to launch this at the beginning of the spring semester in Jan conditional on working out several remaining bugs. Experience provides a new user interface for accessing Banner, and it also provides an application for Banner on mobile devices.)

Banner Document Management (BDM) (We are in the process of implementing an electronic document storage system within Banner to reduce the need for hard copy storage.)

DegreeWorks (We are in the process of implementing a new Degree Audit tool.)

Power BI (We are in the process of developing methods for users to access data and use Power BI to produce tables, graphs, and reports to reduce the need to work through ITS for the development of Argos reports.)

Faculty Load and Compensation (FLAC) (We are beginning the process of implementing this add-on application to Banner to assist with audit compliance.)

Ethos User Provisioning (EUP) (We are beginning the process of implementing this within Banner as a method to improve identify verification and passwords management.)

Other Items – Work to Begin this Fall:

GoTo Phone System Replacement – Implementation begins Fall 2025

Hard phones staying in place; we will just be using a different VOIP service provider as our contract with Cisco will end in February 2026. We will not be transitioning to soft phones in the near future.

Webex Meetings will be deprecated in February 2026 when the Cisco contract ends.

ITS provided a brief demonstration of the capabilities of MS Teams as Webex will no longer be available starting in February 2026.

MS Teams and Google Meet, both already available, will both be supported alternatives.

All meeting recordings from Webex that people want to save must be downloaded by 1/31/2026!

ITS plans to make a broadcast announcement within the next couple of weeks about these changes. ITS will also provide instructions about how to download videos from Webex, and will work with IDC to provide training on MS Teams.

FA offered to provide ITS with 15 minutes at its next meeting to discuss these changes.

Entra ID Project – October 2025 to June 2026

Complete overhaul of RCNJ Identity Access Management (IAM). Eliminates Red Hat LDAP, saving the College money.

Creates a hybrid cloud/on premises IAM system allowing cloud only authentication

providing ongoing services if campus data centers are offline. Cuts in half the attack vectors on RCNJ systems.

Uses Microsoft Authenticator, replacing DUO, for MFA, saving the College money.

Streamlines new application setup and provides more versatility for future enterprise grade applications.

MUCH better security tools than current environment.

Cuts down on or eliminates outage times for all cloud applications. BYOD Campus

BYOD Campus

With rare exceptions, such as video rendering, the individual computers are relatively unimportant as technology moves to cloud computing. The computer is a ubiquitous portal.

Most classroom PCs have been removed because they are severely underutilized. Also, even when a student logs into one and uses it, the classroom computer has no unique purpose.

Providing software to students such as SPSS, EViews, and Stata for their installation allows the student far greater access to having it limited to their time in the classroom.

Getting to the point where students all have the same minimum computer allows for greater equity to students (recommended specifications are published on the ITS website and updated annually; see https://www.ramapo.edu/its/student-laptop- recommendations/).

Challenge: What is the methodology to ensure all students have a minimum level laptop meeting specs during their College career?

Some options:

Provide a laptop with 4-year warranty through fees when students begin at

Ramapo. This could be done with a one-time fee or leveled fees.

Make laptops available for purchase through the bookstore via a process that would allow students to use Financial Aid funds.

Simply state it as a requirement and allow students to bring their own.

The first two options allow us to have the computers preconfigured with the software all students are entitled to such as MS Office, as well as what may be required such as Lockdown Browser. They would also allow standardization and more efficient help desk support. The first option would also mitigate the issue of affordability for financially challenged students.

Implementation timeline:

From a shared governance perspective, which entities from across campus should we seek input?

Should we start with the incoming freshman and transfer students starting in the summer of 2026?