UW-Madison - IT - Vulnerability Scanning Policy

The Vulnerability Scanning Policy applies if you connect a computer or device of any kind and by any means to the UW-Madison network.

Background and Policy

In a campus-wide effort to reduce IT security risks and supplement existing security practices, DoIT will schedule periodic vulnerability assessments that consist of scanning campus computers for well-known high-risk exposures. In addition, DoIT may scan for vulnerabilities that are under current attack, e.g. codered, slammer worm, etc as needed.

This applies to all computers connected to the University campus network, including but not limited to those located in the residence halls as well as remote computers accessing the UW-Madison network through WiscWorld dial-in, DoIT DSL or DoIT cable modem service.

The vulnerability assessments will include selective probes of communication services, operating systems, and applications to identify high-risk system weaknesses that could be exploited by intruders to gain access to the network. The assessments will not search the content of personal electronic files on the scanned computers. In addition, the scans should not cause network outages although IT administrators may see log entries of the scans reflected in their logs.


Issued by the UW-Madison Vice Provost for Information Technology.


The University reserves the right to suspend access to preserve the integrity of the network.


Please address questions or comments to policy@cio.wisc.edu.


IT Policy Glossary: https://kb.wisc.edu/itpolicy/glossary
IP numbers that originate scans: https://kb.wisc.edu/vulnerability/internal/page.php?id=59054
Effective:   Aug, 2007
Revised:    Aug, 2007 Rev B
Reviewed:  Nov, 2019
Review by: Mar, 2017
Maintained by: Office of the CIO, IT Policy

History at: https://kb.wisc.edu/itpolicy/cio-vulnerability-scanning-history
Reference at: https://kb.wisc.edu/itpolicy/cio-vulnerability-scanning-policy

Text in italics is not part of the official text. Please link to this page when referring to this document.

Keywords:policies policy procedures requirements statement procedure requirement requirements statements, faculty it-security-staff it-staff information-technology security, mobile-devices network personally-owned-devices security cybersecurity devices mobile networking personal personally telecommunications, collection monitoring, monitoring-and-mitigation privacy risk-management cdm mitigation monitoring risk rmf cioDoc ID:59271
Owner:Sara T.Group:IT Policy
Created:2016-01-01 14:22 CSTUpdated:2019-11-11 16:09 CST
Sites:IT Policy
Feedback:  32   0