Notice: Instructure Security Incident & Canvas Updates

Yale ITS is monitoring a reported cybersecurity incident affecting Instructure, the vendor behind Canvas. At this time, there is no known significant impact to Canvas services at Yale, and updates will be shared as more information becomes available.

Read More

Critical vulnerability in all versions of Linux.

Critical vulnerability in all versions of Linux. Please check with your vendor for updates and plan to apply patches as soon as possible. For more information, see: https://xint.io/blog/copy-fail-linux-distributions

Read More

YALE-MSS-9.4: Deprovision accounts and access when roles and responsibilities change

Standards Group:
YALE-MSS-9: Authentication and Authorization

YALE-MSS-9.4: Deprovision accounts and access when roles and responsibilities change

Low Risk Endpoint Required Moderate Risk Endpoint Required High Risk Endpoint Required Low Risk Server Required Moderate Risk Server Required High Risk Server Required Low Risk Mobile Device Required Moderate Risk Mobile Device Required High Risk Mobile Device Required Low Risk Network Printer Required Moderate Risk Network Printer Required High Risk Network Printer Required

Details

Deprovisioning is the process of revoking an account's access rights, disabling accounts, and removing credentials for systems and data.

Ensure accounts are deprovisioned to reflect necessary access when an individual's role or responsibilities change or a user is terminated.

Perform a review of accounts at least annually.

For service accounts, credentials must be rotated immediately after any authorized individal no longer needs access to the account.

For systems with the PCI external obligation:

  • access for terminated users is immediately revoked
  • inactive user accounts must be disabled within 90 days