It is important for the protection of the network that these devices are kept secure and do not compromise our data.   

Minimum Security requirements

Any RMIT staff, student or researcher administering non-ITS managed servers or workstations (excluding mobile devices) should meet minimum security requirements and comply with RMIT policy. Specifically:

  • Apply patches and keep software up to date (OS and applications)
  • Maintain up-to-date antivirus on Windows devices

Australian Cyber Security Centre (ACSC) guidance

The Australian Cyber Security Centre has published additional guidelines that compliment RMIT policy and provide further security details. They are a suitable reference for RMIT staff administering non-ITS managed servers or workstations and include: 

  • OS versions and configuration
  • local administrator accounts
  • application management and control
  • host-based intrusion prevention
  • antivirus software
  • Plus more…including Windows 10 workstation hardening configuration


Windows devices that are RMIT owned but not managed by ITS are included in the University Windows Defender Antivirus license and come with Defender AV installed. You should check that it is enabled by default. Do not run a version of Windows that is out of support from Microsoft.

Antivirus for non-Windows OS is recommended, but must be sourced at your discretion through your College, School or Department and procured in compliance with RMIT policy.

Automatic updates

All non-ITS managed devices must be configured to receive automatic updates. Refer to ACSC guidelines for set up instructions.

Linux updates are available from your Linux distributor and should be enabled.