The Systems Administration Initiative (SAI) is a mandatory monitoring program for UNC-Chapel Hill systems (servers, appliances, and network devices) that host sensitive information and/or are designated as mission critical. Participation in this program ensures these systems and the data stored on them are compliant with the UNC-Chapel Hill Information Technology Vulnerability Management Policy.
Do I Have to Enroll My System in SAI?
Any system that hosts *sensitive data or is designated as **mission critical requires enrollment in SAI.
*Sensitive data is defined as data that is protected against unwarranted disclosure (I.e., SSNs, credit card numbers, student grades, health information, research data). Please click here for additional examples of sensitive data.
**A mission critical system is defined as a system that is so critical to the mission of the business unit that any incident requires immediate attention.
How Do I Enroll a System in SAI?
Systems are enrolled in SAI via Qualys and the SAI Portal (Note: Only approved system administrators can obtain access to Qualys and the SAI Portal). Qualys is a licensed product offered by UNC Chapel Hill’s Information Technology Services to perform vulnerability scanning. The SAI Portal is an in-house application used to manage and track systems that host sensitive information and/or are designated as mission critical. The application allows system administrators to register systems, track aging vulnerabilities and remediation efforts, file exception and false-positive requests, designate sensitive data types for each server, and provide data owner and customer contact information for each system. The Information Security Office manages this application.
How Do I Get Access to Qualys and/or the SAI Portal?
Please contact your department’s Information Technology Support person(s) for questions regarding obtaining access to Qualys and/or the SAI Portal or if you have questions regarding enrolling a system in SAI.
Please visit the SAI website for more detail. (Onyen authentication required).