As of March 15, The Information Security Office (ISO) reorganized Yale's Minimum Security Standards (MSS). The purpose of this reorganization is for consolidation and comprehension. The requirements in the MSS have not changed.
What has changed?
- Consolidated Standards Groups (Yale-MSS-X) from 16 to 14. Download a PDF of the new Standards Group.
- Reworded and consolidated standards.
- Refreshed MSS webpage organization based on roles and their interactions with the MSS.
- Clarified language throughout the MSS and its supporting web pages.
What hasn't changed?
The requirements in the MSS have not changed. If you met the MSS before, you still meet them now.
The future of the MSS
Yale's Minimum Security Standards (MSS) are based on Yale's dynamic risk landscape. As risks evolve, so does the MSS. Our goal is to continue to improve the MSS to reflect this relationship. When requirements change, the appropriate communications will be sent in advance. This advance notice will allow for planning to meet any new, applicable requirements.
In the interim, we will continue to work to clarify these standards and provide more guidance. We encourage you to contact us with any questions or comments by emailing information.security@yale.edu.
The future of MSS Training
Over the past two years, we provided the MSS Roadshow training. This training was successfully offered to all IT at Yale. The foundational course, MSS 101, will continue to be offered in an online format. Going forward, MSS training will evolve into a series of MSS Lunch and Learns.
These Lunch and Learns will feature a subject matter expert based on the Standards Group being covered. Please attend and encourage your team members to attend these events. There will be an opportunity to ask questions about applying the MSS to IT Systems at Yale.
For any questions or concerns about the MSS Reorganization, please email information.security@yale.edu.