To: All Colleagues

Background Summary: The Macau Technical Specifications for Cybersecurity Vulnerability Management officially came into effect on January 1, 2026. As one of the “critical infrastructure operators,” the University must ensure that the management of campus information systems fully complies with legal requirements. To maintain a secure and compliant campus network environment, your cooperation is essential.

Impact on General Users: Although the regulation does not specifically target general users, your devices are a crucial part of the campus security ecosystem.

To strengthen overall protection, your support is important:

• Keep systems updated promptly: Updates are not only feature improvements but also essential security patches. Please install updates as soon as they become available.
• Use software from trusted sources: Avoid cracked or unverified software to prevent introducing security risks into the campus network.
• Enable two‑factor authentication (2FA): Strengthen your account protection to prevent unauthorized access.

Requirements for IT Technical Teams: To comply with the regulation, IT teams must implement a full lifecycle approach.

All technical personnel should follow the four‑stage cycle below to avoid management blind spots:

1. Asset Identification (Identify): Conduct a comprehensive inventory of all hardware and software assets (including laboratory and testing equipment) to ensure the asset list is complete and accurate.
2. Vulnerability Detection (Detect): Perform regular scans and continuous monitoring to shift from reactive responses to proactive detection.
3. Risk Assessment (Assess): Evaluate vulnerability severity according to regulatory standards and prioritise high‑risk issues.
4. Remediation and Mitigation (Remediate): Apply required patches within the stipulated timeframe. If updates cannot be applied due to research needs or legacy system constraints, implement compensating controls (such as network isolation) and keep proper records.

Effective vulnerability management requires everyone’s participation. Building a secure and compliant campus network depends on the joint efforts of all users and technical teams.

Should you have any enquiries or require assistance, please feel free to contact ICTO Help Desk.

ICTO Help Desk
Location : Room 2085, 2/F, Central Teaching Building (E5), eMap
Telephone : 8822 8600
email : icto.helpdesk@um.edu.mo

Related links:

• 《Macau Cybersecurity Law》（Chinese and Portuguese Versions Only)
• 《Regulation of Cybersecurity Management Standards》and《Regulation of Alert, Response and Communication of Cybersecurity Incidents》（Chinese and Portuguese Versions Only)
• 《Macau Vulnerability Management Regulations》（Chinese and Portuguese Versions Only)
  

Information and Communication Technology Office