WiscVPN GlobalProtect Host Information Profile (HIP) Compliance

When you use the GlobalProtect client to connect to WiscVPN, GlobalProtect gathers and logs information about your device into what is known as a Host Information Profile (HIP) Report. This document provides details about the compliance checks being evaluated and how they align with UW–Madison security policies and standards (e.g., UW-526 and the Endpoint Management and Security Policy Standards).

Devices connecting to WiscVPN are checked against UW-Madison's Endpoint Management and Security Policy Standards as a baseline. For auditing and potential future alerting purposes, the following compliance checks are performed to align with the Low security level in the published standards.

Please note that additional checks may be performed for auditing and/or analysis purposes.

Operating System

The operating system on the device must be:

Actively supported
Security updates applied within 90 days
- Note: Critical patches may be required in less than 90 days based on the Vulnerability Management section of the Endpoint Management and Security Policy Standards and anticipated threat to the university.

Definitions

Actively supported: An operating system that is currently receiving routine security updates from its developer or vendor. Paid extended support that includes security updates is considered actively supported.

Security Update: A software patch or modification released by the OS vendor to fix vulnerabilities that could be exploited by malicious actors

Endpoint Detection & Response

Endpoint Detection & Response (EDR) software, also known as antivirus, must:

Be installed and actively running
Provide real-time protection
Virus definitions must be within the last 7 days

Palo Alto GlobalProtect uses OPSWAT technology to detect and asses third-party security applications on the endpoint. Any EDR product identified by OPSWAT and meeting all of the requirements will pass the baseline test.

This check is not available on Android, ChromeOS or iOS/iPadOS devices.

Definitions

Endpoint Detection & Response (EDR): Also known as antivirus and/or anti-malware, this software is designed to monitor, detect, and respond to threats on endpoints. Examples include: Cisco Secure Endpoint, Microsoft Defender, Apple XProtect, ClamAV.

Real-time protection: The EDR solution is actively monitoring the system for threats as they occur. This often includes analyzing files as they are created/downloaded, monitoring active processes for malicious activities, etc.

Virus Definitions: A set of data files used by EDR solutions to identify known threats. These files are typically updated daily, or even multiple times a day, by most vendors.

Keywords:

HIP WiscVPN VPN GlobalProtect Global Protect Palo Alto Host Information Profile compliance antivirus anti-malware operating system OS version

Doc ID:

155381

Owned by:

Kerry T. in Smart Access

Created:

2025-10-08

Updated:

2025-11-06

Sites:

Smart Access

0 0 Comment Suggest new doc