Notice: Instructure Security Incident & Canvas Updates

Yale ITS is monitoring a reported cybersecurity incident affecting Instructure, the vendor behind Canvas. At this time, there is no known significant impact to Canvas services at Yale, and updates will be shared as more information becomes available.

Read More

Critical vulnerability in all versions of Linux.

Critical vulnerability in all versions of Linux. Please check with your vendor for updates and plan to apply patches as soon as possible. For more information, see: https://xint.io/blog/copy-fail-linux-distributions

Read More

YALE-MSS-1.1.2: Staff and fund IT security throughout the system's life

Standard:
YALE-MSS-1.1: Determine the system type and classify the IT system

YALE-MSS-1.1.2: Staff and fund IT security throughout the system's life

Low Risk Endpoint Not Required Moderate Risk Endpoint Not Required High Risk Endpoint Not Required Low Risk Server Required Moderate Risk Server Required High Risk Server Required Low Risk Mobile Device Not Required Moderate Risk Mobile Device Not Required High Risk Mobile Device Not Required Low Risk Network Printer Required Moderate Risk Network Printer Required High Risk Network Printer Required

Details

The staffing and funding of IT systems are critical to effective management and security.

IT systems must have an appropriate level of staff, now and in the future, to ensure systems are managed in accordance with their security requirements.

IT systems must also have appropriate funding in place to ensure ongoing support and maintenance. In addition, the appropriate budget must be in place to perform a technology refresh prior to hardware or software entering a deprecated state.

For endpoints, this standard is met by utilizing the Yale Managed Workstation service. For unmanaged endpoints containing Yale Data, a plan must be in place to designate staffing and funding to meet and maintain the Minimum Security Standards.