Standards Group:
YALE-MSS-1: System Classification
YALE-MSS-1.7: Complete a Security Planning Assessment (SPA)
Low Risk Endpoint
Not Required
Moderate Risk Endpoint
Not Required
High Risk Endpoint
Not Required
Low Risk Server
Required
Moderate Risk Server
Required
High Risk Server
Required
Low Risk Mobile Device
Not Required
Moderate Risk Mobile Device
Not Required
High Risk Mobile Device
Not Required
Low Risk Network Printer
Not Required
Moderate Risk Network Printer
Not Required
High Risk Network Printer
Not Required
Details
A Security Planning Assessment (SPA) is a process to ensure the security of Yale IT Systems.
A SPA is not required for low-risk systems hosted by a vendor/third party. You can request a Security Planning Assessment by visiting the SPA webpage.
A SPA will highlight areas that put Yale Data or IT Systems at risk.
SPAs should be revisited according to the following schedule:
- Every two years for High Risk systems
- Every three years for Moderate Risk systems
- Every four years for Low Risk systems