Vulnerability Assessment Requirements

["Brown, Christopher" <cebrown () REGIS EDU>]

Greetings,
 
I am throwing this question out there to schools who have implemented a
vulnerability assessment solution such as CCA, Impulse Point, or Campus
Manager.  (Note, I am not trying to start a debate on one versus the
other.)  We are working to get CCA ready for our students this fall and
I was wondering what other schools have decided upon regarding the
requirements they are imposing on their student's PCs.  With CCA you can
check for a lot of things: service packs, Microsoft updates, existence
of anti-virus software, the age of antivirus definition, installed
programs, a missing installed program, etc.  I am curious to find out
what requirements other schools have used?  Do you allow a grace period
or do you require that new updates and virus definitions are necessary
as soon as they become available?  
 
Thanks in advance,
Chris Brown
Information Technology Services
Network/Telecom Administrator
Regis University, Denver CO