YALE-MSS-9: Authentication and Authorization

Crowdstrike Outage Cybersecurity

Recently, a faulty update from CrowdStrike caused a worldwide technical outage. The outage mostly impacted Windows systems. CrowdStrike confirmed this was a technical issue and not a cybersecurity attack. However, we should be aware of how cybercriminals will use this outage to their advantage.

See all Minimum Security Standards >>

Standards

YALE-MSS-9.1: Ensure all account types are uniquely authenticated
YALE-MSS-9.2: Do not share account credentials (username/password)
YALE-MSS-9.3: Utilize secure passwords for authentication
YALE-MSS-9.4: Grant privileges to IT Systems and data according to the principle of least privilege
YALE-MSS-9.5: Deprovision accounts and access when roles & responsibilities change
YALE-MSS-9.6: Require Multifactor Authentication (MFA) for access to authenticated systems
YALE-MSS-9.7: Use University approved authentication methods
YALE-MSS-9.8: Secure and/or limit storage of authentication information
YALE-MSS-9.9: Allow only encrypted network protocols for authentication
YALE-MSS-9.10: Prevent brute force attacks
YALE-MSS-9.11: Use administrative and service accounts for their IT function only
YALE-MSS-9.12: Ensure authentication events are associated with an individual and not just an administrative or service account