[an error occurred while processing this directive]
Data Security Program

Digital Device Security at the School of Medicine

The School of Medicine is dedicated to encrypting all Stanford-owned computers used by Stanford employees who work at the school, and to encrypting all Stanford-owned or personally-owned computers and mobile devices used by Stanford employees and affiliates who work with High Risk Data (previously Restricted or Prohibited Data). (As of May 31, 2015, all computers on the Stanford network should be encrypted as well.)

The BigFix security management tool is a small software program that enables the enterprise management of software updates and provides a central mechanism for auditing compliance with School of Medicine policies. This is critical, since a wide variety of the data used at the School of Medicine carries legal requirements for rigorous protections, and the lack of definitive proof that such protections are in place can have severe consequences. In the case of Protected Health Information, for example, HIPAA requires that proof of encryption be provided in the event a computer is lost or stolen. BigFix can provide such proof.

To support the need for auditing and rigorous data management, School of Medicine policy requires the installation of BigFix on all laptop, desktop computers and VM machines that may be used to store or access High Risk data. This includes both Stanford-owned and personally-owned computers.

BigFix will have no measurable impact on the performance of your computer.

More information on BigFix can be found at http://patching.stanford.edu/

BigFix must be installed on all laptops and desktops used by individuals who may access High Risk data; this includes Stanford-owned and personally-owned computers. Whether you use a Stanford- or personally-owned machine to access the hospitals' EPIC systems, it is subject to the University Data Security policy and must fully meet all University security requirements. BigFix, however, should not be installed on computers owned by SHC or LPCH. See: BigFix Installation guide »

BigFix, which is automatically included in the Stanford SWDE tool, is not required for devices used by individuals with NO access to High Risk data. The University requirement for devices used by these people is that they must be verifiably encrypted and another tool, VLRE, will be an alternative to SWDE that enables verification of encryption but includes more manual processes managed directly by the end user rather than provided centrally.

1. You can easily verify whether BigFix is installed on your computer by looking for the BigFix icon (which will first appear an hour or two after the initial installation of BigFix).

BigFix icon

In Windows, the icon will appear in
the Windows task tray.

In MacOS, the icon will appear in the top nav bar.

2. There may be times when the BigFix icon may not appear on your computer though the software is installed. In these cases you can also verify installation by looking in your computer's Applications folder.

For MACS
  1. On your hard drive, navigate to Applications > Utilities > Activity Monitor.
  2. Be sure that All Processes is selected at the top of the window, sort by "Process Name", and look for the BESAgent (BigFix Enterprise Suite agent) in the list of processes.
  3. If you don't see the BESAgent listed, please install BigFix.
For PCS
  1. Open the Windows Task Manager by pressing CTRL + ALT + DELETE and clicking the Task Manager button.
  2. Click the Processes tab and look for BESClient.exe in the list of processes.

    Note: If you are using Windows 7 or Windows Vista, click Show processes from all users.

  3. If you don't see BESClient.exe listed, please proceed to Install BigFix.

3. If you do not have BigFix installed, you can install it yourself by visiting the BigFix Installation page. You can also get assistance by contacting IRT Help at 725-8000.

You can install it yourself by visiting the BigFix self-serve page at https://med.stanford.edu/datasecurity/bigfix.html. You can also get assistance by contacting IRT Help at 725-8000.

There were some issues with BigFix on Macs, running the older version of the BigFix agent. This was remedied by upgrading to version 9, as of 5/1/13. If you have a problem, you can either uninstall and reinstall the current version, or reach out to IRT for help at 650-725-8000.

The BigFix device dashboard provides you with up-to-date information on a specific computer's compliance status, including BigFix registration and backup and encrpyption completion. For information on the compliance status of all of your devices, see the AMIE tool at https://med.stanford.edu/datasecurity/amie/

The BigFix device dashboard also gives you access to the Data & Device Attestation and the Device Identification Survey for that particular machine, should you wish to change your answers.

BigFix Dashboard

You can open the BigFix device dashboard by clicking the BigFix icon on your machine. NOTE: When you first install BigFix, the BigFix icon will take an hour or two to appear (of your computer being up and online).

BigFix icon

In Windows, the icon will appear in
the Windows task tray.

In MacOS, the icon will appear in the top nav bar.

BigFix is used to report basic system information such as the operating system version, amount of memory, software applications installed and security patches applied. We have also added some SoM-specific properties around backup status, encryption status, and information that you have provided though BigFix-generated surveys.

For a full list of standard properties retreived by BigFix, see: https://itservices.stanford.edu/service/bigfix/retrieved_properties

Uninstalling Big Fix (Mac)

1. Download the BigFix installer from the Mac tab on the BigFix Guide.

2. Open the Bigfix_821322.dmg file and you will be given the option of AgentUninstaller and BigFix_Mac.pkg

3. Select "AgentUninstaller" and click to "Open"

4. You will be prompted to verify that you wantto uninstall BigFix. Click "Ok" to begin the uninstallation process.

5. You wil see a dialogue box stating that the uninstlaler files wants to make changes. Enter your admin password and click "Ok"

6. When the process completes, restart the computer.

Removing Big Fix (Windows)

1. Click the Start button and type “Add and Remove Programs.”

2. Locate the program called “Tivoli Endpoint Manager Client;" this is the same as BigFix. Click on the program and select “Uninstall.”

3. You will be asked to verify that you want to uninstall the Tivoli Endpoint Manager Client. Click "yes" to begin the uninstall process.

4. When the process completes, restart the computer.

No. BigFix has no measurable impact on computer performance.

BigFix runs on all Windows and Macintosh computers running an OS from the past 5 years (and maybe more).

Computers which are too old to comply should be replaced with modern, securable, and supportable equipment. If you have an oler computer which CANNOT be replaced (i.e.: it operates specialized research equipment or software, which can only be run from an older computer), then contact IRT to request a Data Security Exception and implement security requirements to protect your critical processes and data.

If you attest No to having access to High Risk data and use a personally-owned computer on the Stanford network, it must be verifiably encrypted, but BigFix is not specifically required.

If you attest Yes to having access to High Risk data, any personally-owned device used for Stanford work must be specifically SWDE-encrypted, which includes BigFix for acceptable encryption verification.

A personally-owned computer that is not used on the Stanford network and is not used for Stanford work should not be attested to and does not need to be verifiably encrypted or run BigFix.

Once BigFix has been installed, your computer will become part of the set of devices managed by the School of Medicine's IT staff and will report on your backup status if you are using the School of Medicine CrashPlan instance. It does not, however manage your backup. You manage your own preferences in CrashPlan's configuration and can choose what personal information is or is not included in this backup.

Yes. BigFix is licensed for use by Stanford affiliates, and it permits Stanford IT staff to centrally-manage your computer. When your Stanford affiliation ends, it would be appropriate to uninstall BigFix.

Please review the Leaving Stanford page for specific instructions.

If you still need assistance in uninstalling BigFIx, please submit a Help ticket.