YALE-MSS-1.6: Plan for meeting and maintaining the security requirements for the IT System

Standards Group:
YALE-MSS-1: System Classification

  • Endpoint: Low Risk (Required), Moderate Risk (Required), High Risk (Required)
  • Server: Low Risk (Required), Moderate Risk (Required), High Risk (Required)
  • Mobile Device: Low Risk (Required), Moderate Risk (Required), High Risk (Required)
  • Network Printer: Low Risk (Required), Moderate Risk (Required), High Risk (Required)

Details

The security requirements for a Yale IT System include the Minimum Security Standards (MSS), as well as any external obligations to protect the IT System or the data the IT System contains.

The MSS is: 

  • A set of baseline engineering requirements for building and maintaining secure IT Systems at Yale. 
  • A way to connect the openness of Yale's technology environment to security responsibilities. 
  • A continuous process to ensure Yale builds and maintains secure IT Systems throughout their life cycles. 

The MSS is not: 

  • A documentation exercise to turn in to the Information Security Office (ISO). 
  • A one-time requirement that is not revisited after the IT System goes into production. 

There are various ways people plan for and operate their departments and systems. This standard represents the full scope of what security planning includes. This is not a requirement for documentation. For guidance on how to plan and maintain the MSS, see the guidance section below. 

One way to plan to meet and maintain the MSS is to follow these five steps: 

  1. Classify the System 
  2. Know Your Game Plan (i.e. build your shared responsibility model) 
  3. Complete an MSS Gap Analysis 
  4. Create an MSS Roadmap 
  5. Communicate the Classification and user responsibilities