Standards Group:
YALE-MSS-1: System Classification
YALE-MSS-1.7: Complete a Security Planning Assessment (SPA)
Low Risk Endpoint
Not Required
Moderate Risk Endpoint
Not Required
High Risk Endpoint
Not Required
Low Risk Server
Required
Moderate Risk Server
Required
High Risk Server
Required
Low Risk Mobile Device
Not Required
Moderate Risk Mobile Device
Not Required
High Risk Mobile Device
Not Required
Low Risk Network Printer
Not Required
Moderate Risk Network Printer
Not Required
High Risk Network Printer
Not Required
Details
The Security Planning Assessment (SPA) is Yale’s process to highlight and manage cybersecurity risk through compliance with the Minimum Security Standards (MSS) and any external obligations.
A SPA will highlight areas that put Yale data or IT systems at risk.
Additional information on the Security Planning Assessment process as well as some frequently asked questions can be found on the Security Planning Assessment (SPA) page.
A SPA is not required for low-risk systems hosted by a vendor/third party.