YALE-MSS-5.1: Utilize an industry-standard secure configuration method

Standards Group:
YALE-MSS-5: Software Security

Low Risk Endpoint: Not Required
Moderate Risk Endpoint: Not Required
High Risk Endpoint: Required for PCI
Low Risk Server: Not Required
Moderate Risk Server: Required
High Risk Server: Required
Low Risk Mobile Device: Not Required
Moderate Risk Mobile Device: Not Required
High Risk Mobile Device: Not Required
Low Risk Network Printer: Not Required
Moderate Risk Network Printer: Not Required
High Risk Network Printer: Not Required

Details

Security configuration standards aid the implementation of best practices and are available for most IT systems. Use of a standard such as the CIS (Center for Internet Security) Benchmarks, preferred by Yale, helps to ensure these practices are being met.

Note that this control is not exclusively concerned with operating systems. Yale's preference for Web application programming and the configuration of Web services is the Application Security Verification Standard by the Open Worldwide Application Security Project.

Select, review, and apply a security configuration standard, being careful to make risk-based decisions when choosing not to apply specific controls. Document your use of the standard, as well as any decisions to not employ certain controls. Review and revise this documentation regularly.