Skip to main content

Possible Action Required: Critical Vulnerability for Computers Running Google Chrome

A serious security vulnerability has been identified in Google Chrome web browsers. Individuals using non-managed devices should update immediately.  Applying updates is the most important step you can take to keep your data and systems safe. 

If you have an ITS Managed computer, no action is required. ITS Managed workstations will be automatically updated starting Wednesday, October 28, 2020. 
 

Read More

Approved Services by Risk Classification

know your risk icon

This table indicates the risk classifications allowed on common Yale IT Services.

If the Yale IT System you want to use is not listed here, that is okay. The Information Security Office (ISO) can review the system you want to use to ensure it is secure. We do this through the Security Design Review (SDR) process. The SDR ensures that the Yale IT System meets and maintains the MSS for its risk classification. To request an SDR, visit the SDR webpage.

 

Approved Services by Risk Level
Services Low Risk Moderate Risk High Risk
Audio and Video Conferencing: Zoom (local storage), Skype for Business, Microsoft Teams Yes Yes Yes
Audio and Video Conferencing: Zoom (cloud storage), WebEx, Cisco Meeting Place Yes    
Data Backup: CrashPlan, Storage@Yale Yes Yes Yes
Calendar: Office 365 Yes Yes Yes
Calendar: EliApps      
Clinical Trials Management: Oncore Yes Yes Yes
Cloud Infrastructure: ITS AWS Secure/HIPAA Zone* Yes Yes Yes
Cloud Infrastructure: ITS AWS Spinup    Yes Yes Yes
Cloud Infrastructure: Microsoft Azure Yes Yes Yes
Content Management: Drupal, CampusPress (WordPress) Yes    
Database Hosting Service: ITS AWS, ITS Data Center Yes Yes Yes
Database Hosting Platform: SQL, Oracle Yes Yes Yes
Document Management: Box at Yale, EliApps, Google Team DriveGlobus Yes Yes  
Document Management: Secure Box, Sharepoint, Storage @ Yale, Office 365 OneDrive, Microsoft Teams Yes Yes Yes
Email: Office 365 (for internal and YNHH systems), Office 365 (for external, use encrypted email) Yes Yes Yes
Email: EliApps, Google Mail Yes Yes  
Encryption: Bitlocker, FileVault Yes Yes Yes
File Storage: Storage @ Yale, Secure Box, O365 One Drive, Microsoft Teams Yes Yes Yes
File Storage: Box at Yale, EliApps, Google Team DriveGlobus Yes Yes  
File Transfer: Yale Secure File Transfer Yes Yes Yes
Instant Messaging: O365 Skype for Business, Microsoft Teams Yes Yes Yes
IT Service Management: Service-Now Yes Yes  
Personal Health Record System: Hugo Yes Yes Yes
Survey Tool: Qualtrics, RedCap Yes Yes Yes
Survey Tool: Survey Monkey, Doodle, Sawtooth Yes    
Voice Messaging: Cisco Unified Messaging: Cisco Unified Messaging Yes    
Virtual Private Network (VPN): ITS VPN Yes Yes Yes
If the Yale IT System you want to use is not listed, it is not approved for specific risk classifications.

 

*The AWS HIPAA Zone must be used when dealing with any personally identifiable patient information or human subject data. The AWS Secure Zone is to be used for all other categories of High Risk Data. For questions, please contact helpdesk@yale.edu.

 


All Yale IT Systems must have a risk classification. All Yale IT Systems must meet the Minimum Security Standards for their classification. See the Risk Classification Guideline or Yale's Minimum Security Standards for more details.