Services

Information Security

 

​Unit Security Dashboard (USD)

The USD is the primary method for sharing security information and metrics with the University IT community.

 FAQ

Performance Rating

An overall rating is calculated by taking the average system compliance percentage across three areas:

There are four different ratings based on overall compliance:

  • Cybersecurity Vanguard- Less than 85% of systems compliant with AD95 standards
  • Cybersecurity Champion- Between 85% and 90% of systems compliant with AD95 standards
  • Cybersecurity Hero- Between 90% and 98% of systems compliant with AD95 standards
  • Cybersecurity Legend- 99% or more of systems compliant with AD95 standards

 

Available Data

Overview
Vulnerabilities
  • Overdue
  • Overdue within 7 Days
  • All Known
  • Exceptions
  • Remediation Stats
  • UEM Vulnerability Stats
ATOs
Unsupported OSs
  • Details
  • Exceptions
Agents
  • Agents Dashboard
  • Installation Instructions
  • Broken/Misconfigured Agents
Inventory
  • Inventory Dashboard
  • UEM Dashboard
Firewall
  • Overview
  • Approved Firewall Registrations
Incidents
  • Compromised Accounts and Phishing
  • Security Incidents
Resources
  • Access
  • Security Training History

what can I access

Frequently Asked Questions

Click each topic below to expand it.

How do I get access to the USD?

By default, the following individuals have access to their respective Unit(s)/Sub-Unit(es) within the USD:

  • IT Director
  • Security Liaisons

If you do not fall into one of these categories, but would like access, ask someone above to contact unitsecdashboard@psu.edu and request access on your behalf.

How do I access the USD?

The URL is: https://search.splunk.psu.edu/en-US/app/unit_security_dashboard/unit_security_dashboard__overview

Note that you also must be on a Penn State network (e.g. the Penn State VPN or a Penn State wired or wireless network)

I addressed a vulnerability (e.g. by applying a patch). Why is it still showing up on the USD?

The likeliest explanations are:

  1. You didn’t actually address what the Nessus scan flagged.  Review the ‘Plugin Output’ to see what the latest scan results are flagging.
  2. A scan has not run since the vulnerability was addressed
    • Agent scans typically run twice a day. The exact time is negotiated with OIS at the time of set-up, and varies per unit.
    • Network scans run once per day on known critical/high vulnerabilities
  3. The USD has not refreshed since the scan verified the vulnerability was addressed.  See the previous question on the refresh rate of the USD.