YALE-MSS-5.1: Utilize an industry-standard secure configuration method

Standards Group:
YALE-MSS-5: Software Security

YALE-MSS-5.1: Utilize an industry-standard secure configuration method 

Low Risk Endpoint Not Required Moderate Risk Endpoint Not Required High Risk Endpoint Required for PCI Low Risk Server Not Required Moderate Risk Server Required High Risk Server Required Low Risk Mobile Device Not Required Moderate Risk Mobile Device Not Required High Risk Mobile Device Not Required Low Risk Network Printer Not Required Moderate Risk Network Printer Not Required High Risk Network Printer Not Required

Details

Review the secure configuration standard and make risk-based decisions when choosing not to apply specific controls. Document your decisions and review them regularly.

There are secure configuration standards available for most IT Systems. This includes hardware, software, and firmware. 

Yale requires you to implement an industry-standard secure configuration method. When applicable, the CIS (Center for Internet Security) Benchmarks are Yale's preferred standard.  For more information on the CIS benchmarks, visit: https://www.cisecurity.org/cis-benchmarks/

An industry-standard secure configuration method aids the implementation of security best practices. Use an industry-standard configuration method tailored to your hardware, software, or firmware. This ensures you are meeting security best practices for your IT System. 

Controls