YALE-MSS-1.1.3: Determine if your system is Internet Accessible

Standard:
YALE-MSS-1.1: Classify the IT System and meet the Minimum Security Standards

YALE-MSS-1.1.3: Determine if your system is Internet Accessible

Low Risk Endpoint Required Moderate Risk Endpoint Required High Risk Endpoint Required Low Risk Server Required Moderate Risk Server Required High Risk Server Required Low Risk Mobile Device Required Moderate Risk Mobile Device Required High Risk Mobile Device Required Low Risk Network Printer Required Moderate Risk Network Printer Required High Risk Network Printer Required

Details

Any MSS marked with "Required for IA" is a requirement for Internet Accessible Systems.

Internet Accessible (IA) systems allow connections from the public internet without an additional layer of protection such as a Virtual Private Network (VPN). In general, if the normal way to access your system is through the internet, the system is internet accessible. 

Note: Private IP with a public reverse-proxy (like a load balancer) would be considered Internet Accessible.

Are you able to access this system from the internet, either directly or via a load balancer or reverse proxy?  If yes, this system is considered to be Internet Accessible.

Internet accessible systems allow connections from the public internet. This presents more risk to the IT System. As a result, more security requirements apply. The definition and requirements for Internet Accessible systems are in the MSS Key.