Standard:
YALE-MSS-1.4: Designate and protect Critical IT Infrastructure
YALE-MSS-1.4.1: Maintain a tailored security plan that matches the security best practices for that specific system/technology
Low Risk Endpoint: Not Required
Moderate Risk Endpoint: Not Required
High Risk Endpoint: Not Required
Low Risk Server: Not Required
Moderate Risk Server: Not Required
High Risk Server: Required
Low Risk Mobile Device: Not Required
Moderate Risk Mobile Device: Not Required
High Risk Mobile Device: Not Required
Low Risk Network Printer: Not Required
Moderate Risk Network Printer: Not Required
High Risk Network Printer: Not Required
Details
A tailored security plan goes beyond the typical MSS controls to provide a comprehensive treatment of how a system is configured and protected.
A tailored security plan includes, but is not limited to:
- A complete and accurate inventory of dependencies, integrations, protocols used, and data flows
- A full accounting of the individual software components which make up the system and how those components are configured
- An accounting of cybersecurity risks, threats, and vulnerabilities for the particular system and how those risks are managed
- An outline of the security controls
- A roadmap to deploying security controls which may be missing
The tailored security plan must be reviewed and updated (as necessary) at least every 2 years.
Critical IT Infrastructure owners should reach out to the vendor of the technology for additional information around best practices, including system hardening.