Standards Group:
YALE-MSS-1: System Classification
YALE-MSS-1.2: Apply any additional security requirements required by external obligations
Details
Yale Data and IT Systems may be subject to external obligations. These can be regulatory, legal, or contractual obligations. Review the External Obligations Guideline for more details.
External obligations can increase the security controls required on the IT System. They can also increase Yale's obligations in the event of a cybersecurity incident. Any external obligation (federal regulations, third-party contracts) will enforce this requirement. This is a reminder to make sure all security requirements for the system are reviewed and applied.
Note that HIPAA and PCI requirements are included in the Minimum Security Standards. If your IT System is subject to HIPAA or PCI, it must apply all MSS marked as required for high risk and HIPAA or PCI. If your IT System is subject to any other external obligations, those are not listed in the MSS. These external obligations may require specific security requirements in addition to the MSS. System support providers are responsible for understanding and implementing those additional requirements.