Cybersecurity is one of the most important risks an organization faces. Every university device is a link in the chain, and our security is only as strong as the weakest link. Accordingly, every university-issued device must have endpoint detection and response (EDR) software (also known as malware detection software) installed.
Installing UMD’s official EDR software (CrowdStrike Falcon) on all computers owned or operated by the University of Maryland is a critical part of our cybersecurity strategy. It is also a mandatory control under the University System of Maryland’s Cybersecurity Standard v5.1. Additionally, nearly all of our research grants and contracts include legal terms that drive requirements for EDR tools. In managing a recent cybersecurity incident, DIT security staff discovered that such tools were not being used on all systems in the impacted unit.
If you use a university-issued computer, we ask you to promptly check that all UMD devices you use are compliant with this requirement. You can find instructions in this IT support article: How to confirm CrowdStrike Falcon sensor is installed. If you discover a device without CrowdStrike Falcon installed, please email itsupport@umd.edu with the serial number or asset tag number of the device (generally located on the bottom of a laptop). Please note that the UMD distributions of CrowdStrike Falcon are NOT licensed for computers that are not owned or operated by UMD.
If you have a role administering a UMD-owned computer, please remember that CrowdStrike Falcon must be installed on all Windows, MacOS, and Linux devices, regardless of whether they are work stations or servers. This requirement applies regardless of how they are being used: administration, teaching, research, or service. Likewise, devices that are not Internet-facing must also have CrowdStrike Falcon installed. If there are truly exceptional circumstances where it is not technically possible to run CrowdStrike Falcon on a system, a local IT staff member may apply for a waiver of the requirement for a specific device (i.e., the serial number and asset tag number of the device must be part of the request). Only the University of Maryland’s Chief Information Security Officer (CISO) or designee may approve a waiver. Specifically, IT staff and faculty may not waive this requirement.
Failure to follow this requirement puts UMD’s computers and information systems at risk. The potential monetary fines, legal liability and reputational damage of not taking this basic security step are significant. In addition, failure to comply is a violation of UMD’s Acceptable Use Policy, which can result in disciplinary action up to and including termination for faculty, staff, and GAs who are responsible for such non-compliance.
Thank you for your attention to this critical matter. If you have questions, please reach out to the IT Service Desk.
-- Adapted from an email to all UMD faculty and staff sent March 11, 2026 and signed by Jeffrey K. Hollingsworth, Vice President and Chief Information Officer, and Jay Roselló, Vice President for Legal Affairs & General Counsel --