Cybersecurity

The WFU Information Security Office provides cybersecurity services to our community.

Cybersecurity is everyone’s responsibility! 90% of all cybersecurity safeguards depend on you as the user to adhere to computer security practices. 

All employees are encouraged to:

• Report unusual activity.
• Use strong, unique passwords.
• Avoid clicking on suspicious or unsolicited links in email messages.
• Ensure your computer is protected with up-to-date antivirus software.
• Keep computers and devices updated with the latest operating system and security patches.
• Look for https in a URL before entering any sensitive information like passwords.

Add Box with link to Cybersecurity training modules

Please Note: Some sponsored research may require additional cybersecurity controls. ORSP works with the principal investigator to monitor research award terms and conditions to help flag additional controls that may be required and communicates this information with the export control officer. Please contact the Export Control Officer if you believe your research project needs additional security measures.

FAR TikTok Ban:

The Federal Acquisition Regulatory (FAR) Council recently published an interim rule, effective immediately, that broadly prohibits contractors from having or using TikTok (and other successor applications by ByteDance Limited) on any “information technology” used in the performance of a government contract. The ban applies to technology owned by the government, Duke, or employees working on the contract.  

What is expected of me to comply with this requirement?

Immediately remove TikTok and any ByteDance application from any information technology (see definition below) used in the performance of a federal contract or cease use of that information technology to perform the federal contract. Note that Personal cell phones not used in performance of a contract are not subject to this prohibition.

Information technology, as defined in 40 U.S.C. 11101(6)  

1. Means any equipment or interconnected system or subsystem of equipment, used in the automatic acquisition, storage, analysis, evaluation, manipulation, management, movement, control, display, switching, interchange, transmission, or reception of data or information by the executive agency, if the equipment is used by the executive agency directly or is used by a contractor under a contract with the executive agency that requires the use –
   • Of that equipment; or
   • Of that equipment to a significant extent in the performance of a service or the furnishing of a product;
2. Includes computers, ancillary equipment (including imaging peripherals, input, output, and storage devices necessary for security and surveillance), peripheral equipment designed to be controlled by the central processing unit of a computer, software, firmware and similar procedures, services (including support services), and related resources; but
3. Does not include any equipment acquired by a Federal contractor incidental to a Federal contract.
4. Note that Personal cell phones not used in performance of a contract are not subject to this prohibition.

How do I know if the research activities I engage in are subject to this ban?

• The ban is being implemented through a new clause at FAR 52.204-27 that appears in the federal contract either in full text or by reference.  The Office of Research Administration (ORA) or the Office of Research Support (ORS) will notify you if the contract clause appears in the federal contract that funds the research you are engaged in and is therefore applicable to you.

• If so, all employees working on the federal contract whether compensated by the federal contract or not are required to remove TikTok and any ByteDance application from any equipment used in the performance of the federal contract or cease use of that equipment to perform the federal contract. Personal cell phones not used in performance of a contract are not subject to this prohibition.

Prohibited Devices:

The National Defense Authorization Act for Fiscal Year 2019 (NDAA 889) prohibits federal agencies from using certain telecommunications and video surveillance equipment and services produced by certain companies, including Huawei, ZTE, Hytera Communications Corporation, Hangzhou Hikvision Digital Technology Company, and Dahua Technology Company. Full details can be found on this General Services Administration (GSA) site.

This prohibition also extends to institutions that receive federal research funding. Institutions must ensure that any prohibited devices are not used in their research activities and should take steps to identify and mitigate any risks associated with the use of these devices. WFU has implemented procedures to mitigate these risks, but please ensure you are not using these prohibited devices and services within your units.