Standard:
YALE-MSS-1.2: Apply any additional security requirements required by external obligations
YALE-MSS-1.2.1: Ensure you can meet any obligations in the event of a security incident or data breach
Low Risk Endpoint
Required
Moderate Risk Endpoint
Required
High Risk Endpoint
Required
Low Risk Server
Required
Moderate Risk Server
Required
High Risk Server
Required
Low Risk Mobile Device
Required
Moderate Risk Mobile Device
Required
High Risk Mobile Device
Required
Low Risk Network Printer
Required
Moderate Risk Network Printer
Required
High Risk Network Printer
Required
Details
External obligations can mandate Yale's obligations in the event of a security incident or data breach. Ensure you have a process in place to meet these obligations.
Do users understand how to report a suspected security incident?
Who should users reach out to if they suspect a security incident?
Who is responsible for contacting the Information Security Office?
Can an incident be identified/reported to ISO within the time frame mandated by the external obligation?