As we wade into more aggressive security measures on all of our endpoint computers, we have been (for many years now) implementing the LAPS system as a way of easily providing local administrator credentials on an as needed basis. There are several reasons a user might need to request a LAPS credential set with the most common being the installation of specialized software that is not available <\/p>\n\n\n\n
Why are we really using LAPS?<\/strong> Here is an overview of the LAPS solution:<\/p>\n\n\n\n
CSU uses LAPS instead of granting permanent administrator privileges to individual accounts because CSU is required to meet U.S. Department of Defense (DoD) cybersecurity requirements on systems that may handle DoD Federal Contract Information (FCI). The DoD, CSU\u2019s largest federal research sponsor, requires compliance with baseline controls under CMMC Level 1, which prohibit unrestricted or persistent administrative access on personal accounts. While other federal agencies do not impose CMMC, this approach applies even if your current grant is not DoD-funded because CSU computers, networks, and support systems are shared across projects and must remain eligible for DoD use at all times. LAPS allows CSU to meet these requirements by separating day-to-day user access from secure, managed administrative access, ensuring systems remain compliant while still allowing necessary administrative tasks to be performed when needed. This is not a reflection of trust, but an institutional obligation tied to federal contract requirements on shared university systems.<\/p>\n\n\n\n