Standards Group:
YALE-MSS-11: Security Training
YALE-MSS-11.1: Require security training for all users of Yale Data and Yale IT Systems
Low Risk Endpoint
Required
Moderate Risk Endpoint
Required
High Risk Endpoint
Required
Low Risk Server
Required
Moderate Risk Server
Required
High Risk Server
Required
Low Risk Mobile Device
Required
Moderate Risk Mobile Device
Required
High Risk Mobile Device
Required
Low Risk Network Printer
Required
Moderate Risk Network Printer
Required
High Risk Network Printer
Required
Details
Ensure all users are informed, understand their roles and responsibilities, and complete assigned security training.
System support providers are responsible for providing clear oversight, training, and documentation. This includes, but is not limited to:
- Communicating the system’s classification level and the corresponding security expectations.
- Outlining instructions for any roles and responsibilities the user has in meeting and maintaining the MSS.
- Defining and documenting appropriate user roles and permissions, including any restrictions based on data sensitivity or job function.
- Delivering training that outlines end-user responsibilities for safeguarding data, maintaining secure workflows, and reporting suspected issues.
- Ensuring users have access to up-to-date reference materials, procedures, and support resources that enable secure use of the system.
- Regularly review and update guidance to reflect changes in system functionality, security requirements, or organizational policy.