Skip to main content

Minimum Security Standards (MSS) Lunch & Learns

 

 

"got MSS?" on blue background

Have questions about Yale’s Minimum Security Standards (MSS)? Do you know how to apply the MSS to your IT Systems? The MSS Lunch & Learns will feature subject matter experts from the Information Security Office who will provide discussions around:

  • Each of the 14 MSS standards groups
  • How to apply the MSS to systems you manage or support
  • Completing an MSS review
  • Preparing for a Security Planning Assessment (SPA)

What are the Minimum Security Standards (MSS)?

The Minimum Security Standards (MSS)  are baseline requirements for securing Yale IT Systems to ensure we build and maintain secure Yale IT Systems based on the risk they carry. A Yale IT System is a system that uses Yale data and/or operates in support of Yale’s mission. All Yale IT Systems must meet and adhere to the MSS. 

What are the MSS Lunch & Learns?

The MSS Lunch & Learns will provide opportunities to learn from subject matter experts on each of the 14 MSS standards groups. Each session will offer a review of specific standards groups. 

Each session will start with a discussion on the standards group(s). We encourage you to come with your specific questions that can be addressed in the Q&A session of the Lunch and Learn. 

The table, below, provides details about each session including:

  • The standards group(s) covered
  • A brief description of the information to be covered
  • The scheduled date for the session

Who should attend the MSS Lunch & Learns?

The MSS Lunch & Learns are open to anyone interested in learning more about the MSS or how they apply to the SPA process. 

The sessions will provide critical information about applying the MSS to an IT System and conducting an MSS review. You should plan to attend the MSS Lunch & Learns if either of the following apply:

  • You are a system decision maker planning a new system or an update to an existing system
  • You are a system support provider configuring a system you support

For more details on these roles see What is my role in applying the MSS at Yale? on Yale's Minimum Security Standards (MSS) webpage.

MSS Lunch & Learn Schedule

Standards Group(s) Description Date Registration Link Presentation Slides

YALE-MSS-1:
System Classification

YALE-MSS-11:
Security Training

Know your requirements based on the system type and risk classification. If your risk classification changes over time, your requirements will change. This category is a prerequisite to meeting and maintaining the rest of the MSS.

Ensure users and third-party vendors know the role they play in the IT System’s security. This can be how they use and/or support the system securely.

April 17, 2024 Registration closed Download presentation

YALE-MSS-2:
System Inventory

YALE-MSS-3:
Disaster Recovery (DR)

YALE-MSS-10:
Network Exposure

YALE-MSS-12:
Intrusion Detection

Know what your security requirements apply to. This category is a prerequisite to risk classification and meeting the MSS.

Create a step-by-step procedure to restore the IT System in the event of a disruption. Test the plan to ensure it is successful and meets your availability requirement or recovery time objective (RTO).

Determine network security for the IT Systems that connect to the network. The goal of this category is to limit network exposure.

May 15, 2024 Registration closed Download presentation

YALE-MSS-4:
Physical Security

YALE-MSS-7:
Data Protection

Ensure the system is physically secured based on its risk classification. These controls will vary based on where the system is physically located.

Ensure data protection controls are in place. This includes how the data is encrypted, backed up, and used securely by the IT System.

June 13, 2024 Register  
YALE-MSS-5:
Software Security
Make security-conscious choices for configuring your software, and firmware. This includes running supported operating systems and software for commercial, in-house, and open-source software. July 17, 2024 Register  
YALE-MSS-6:
Patching
Ensure a process is in place to apply security updates (a.k.a. patches) routinely and actively. This includes establishing an emergency patch process for critical vulnerabilities. August 21, 2024 Register  
YALE-MSS-8:
Application Development Security
Implement secure software development lifecycle (SDLC) practices when deploying software and applications. This includes testing for common security flaws. September 18, 2024 Register  
YALE-MSS-9:
Authentication and Authorization
Manage authentication and authorization lifecycle management for user and privileged accounts. October 16, 2024 Register  
YALE-MSS-13:
Logging
Ensure all system components are logging relevant security data. Preserve relevant security data in the event of an incident. November 13, 2024 Register  
How to Complete the SPA Process Learn about the SPA process including how to prepare, how to request, and what to expect throughout the process. December 18, 2024 Register  

 

Yale's Minimum Security Standards

The Minimum Security Standards (MSS) are baseline requirements for securing Yale IT Systems. The MSS helps us address Yale’s risk landscape and deliver the Yale mission securely.

View the MSS

Applying the MSS to IT Systems

This page explains how to read, understand, and apply the Minimum Security Standards (MSS) to a system.

View the Applying the MSS to IT Systems page

Security Planning Assessment (SPA)

The SPA process establishes the security of Yale IT Systems. The process also ensures you have a plan to operate a secure IT System through the life span of the system.

Find out more about the SPA process