What is IM8?
IM8 stands for "Instruction Manual 8", which consists of government policies, standards, regulations, and codes of practice for IT security defined by MOF and IMDA. It is mandatory for government agencies to comply with IM8 policies.
IM8 - Policy on Personal Computers
There are many configuration requirements in this policy to protect the computer against malware and minimise data loss.
Some of the mandatory settings have were implemented earlier include enabling BitLocker harddisk encryption, BIOS protection, up-to-date anti-virus, complex password and so on.
The upcoming exercise from 11 Jul to 26 Aug 2016 is to execute the IM8 requirement for the Removal of Administrative Rights from the NPNet user PC. Service staff would be deployed to Departments for this exercise.
Admin Rights gives malicious software in your computer Full Rights to change the configuration, delete system files, install other malicious programs onto the computer, etc. Much data have been lost or stolen due to malware operating with Admin Rights. Hence, the IM8 mandates the removal of local Admin Rights from user PCs.
To better assist staff, authorized Computer IC or Technical Reps in departments have been given special accounts and privileges to install programs or change configurations for staff computers.
Please backup your data before the exercise. Details of the exercise and schedules would be shared through the department reps.
Email Support@np.edu.sg if you have further queries.
With effect from Oct 2016, 2nd –factor authentication would be implemented on Staff Campus VPN and Staff Internet VPN.
Staff will be prompted to enter a One-Time Passcode (OTP) in addition to their NPNet password when they login to Staff Campus and Internet VPN.
The 2-Factor Authentication (2FA) is an IM8 requirement to minimise the risk of impersonation or compromised password.
The 2FA exercise will be implemented in 2 phases:
Staff will be receiving two emails with instructions to (1) register their mobile devices and (2) set up/configure their mobile devices.
For more info, please refer to the FAQs.
Cerber ransomware attacks started on 22nd June 2016, targeting Microsoft Office 365 accounts. It was managed to be blocked by Microsoft 24 hours later.
This ransomware infects users' PC via Office file attachments and will encrypt user files once user enables the macros in the attached files. It will then play an audio file demanding a ransom to decrypt the files.
Microsoft advised that users who received suspicious attachments on June 22nd or June 23rd should delete the files immediately.
Sun, 24th Jul 2016, 10am – 10pm
The network maintenance will affect the connectivity NPal2 systems.
All NPal2 services will be unavailable during maintenance period.
Please email to Support@np.edu.sg should you require further information or clarification.