YALE-MSS-1.1.3: Determine if your system is Internet Accessible

Standard:
YALE-MSS-1.1: Classify the IT System and meet the Minimum Security Standards

YALE-MSS-1.1.3: Determine if your system is Internet Accessible

Low Risk Endpoint Not Required Moderate Risk Endpoint Not Required High Risk Endpoint Not Required Low Risk Server Not Required Moderate Risk Server Not Required High Risk Server Not Required Low Risk Mobile Device Not Required Moderate Risk Mobile Device Not Required High Risk Mobile Device Not Required Low Risk Network Printer Not Required Moderate Risk Network Printer Not Required High Risk Network Printer Not Required

Details

Any MSS marked with "Required for IA" is a requirement for Internet Accessible Systems.

Internet Accessible (IA) systems allow connections from the public internet without an additional layer of protection such as a Virtual Private Network (VPN). In general, if the normal way to access your system is through the internet, the system is internet accessible. 

Note: Private IP with a public reverse-proxy (like a load balancer) would be considered Internet Accessible.

Are you able to access this system from the internet, either directly or via a load balancer or reverse proxy?  If yes, this system is considered to be Internet Accessible.

Internet accessible systems allow connections from the public internet. This presents more risk to the IT System. As a result, more security requirements apply. The definition and requirements for Internet Accessible systems are in the MSS Key.