Critical vulnerability in all versions of Linux.

Critical vulnerability in all versions of Linux. Please check with your vendor for updates and plan to apply patches as soon as possible. For more information, see: https://xint.io/blog/copy-fail-linux-distributions

Read More

YALE-MSS-1.7: Complete a Security Planning Assessment (SPA)

Standards Group:
YALE-MSS-1: System Classification

YALE-MSS-1.7: Complete a Security Planning Assessment (SPA)

Low Risk Endpoint Not Required Moderate Risk Endpoint Not Required High Risk Endpoint Not Required Low Risk Server Required Moderate Risk Server Required High Risk Server Required Low Risk Mobile Device Not Required Moderate Risk Mobile Device Not Required High Risk Mobile Device Not Required Low Risk Network Printer Not Required Moderate Risk Network Printer Not Required High Risk Network Printer Not Required

Details

The Security Planning Assessment (SPA) is Yale’s process to highlight and manage cybersecurity risk through compliance with the Minimum Security Standards (MSS) and any external obligations.

A SPA will highlight areas that put Yale data or IT systems at risk.

Request a SPA when any of the following conditions apply:

  • A new Yale IT system is being built or purchased
  • An existing IT system has not completed the SPA process
  • A significant change to hardware, software, hosting provider, or risk classification is made to an existing IT system which has a completed SPA
  • When sufficient time has passed since an IT system’s last SPA:
    • 2 years for high-risk systems
    • 3 years for moderate-risk systems
    • 4 years for low-risk systems

Additional information on the Security Planning Assessment process as well as some frequently asked questions can be found at https://cybersecurity.yale.edu/spa.

A SPA is not required for low-risk systems hosted by a vendor/third party.