YALE-MSS-1.1.2: Determine your system type

Standard:
YALE-MSS-1.1: Classify the IT System and meet the Minimum Security Standards

YALE-MSS-1.1.2: Determine your system type

Low Risk Endpoint Required Moderate Risk Endpoint Required High Risk Endpoint Required Low Risk Server Required Moderate Risk Server Required High Risk Server Required Low Risk Mobile Device Required Moderate Risk Mobile Device Required High Risk Mobile Device Required Low Risk Network Printer Required Moderate Risk Network Printer Required High Risk Network Printer Required

Details

To apply the MSS, you must determine your system type. The MSS outlines four different system types. 

System Type Table

System Type

Definition

Examples
Endpoint  An endpoint is any device that is physically an endpoint on a network. This means it communicates back and forth with the network it connects to. Endpoints do not host any network resources for other endpoints to connect to. Desktops, laptops, POS Terminals
Server A server is a computer that processes requests and/or delivers data to other computers. A server processes requests or delivers data over the network it connects to. Servers share network resources with endpoints.  Web, file, email, and database servers including virtual machines and containers running at Yale or in cloud providers like AWS, GCP, Azure.
Mobile Device A mobile device is a portable, usually handheld, computer. Like endpoints, a mobile device communicates with the network it connects to. Mobile devices differ from endpoints in that they usually run mobile operating systems. These mobile operating systems have varying security requirements from endpoint. Smartphones, tablets
Network Printer

A network printer is a printer connected to a network. Network printers receive their print jobs via a print server. 

Note: This does not include personal printers. Personal printers process print jobs through a physical connection to an endpoint. 

 Papercut Printers

Critical IT infrastructure

Some Yale IT Systems are too complex in nature to solely rely on the MSS for their security requirements. We refer to these systems as “Critical IT Infrastructure”. The definition and requirements of Critical IT Infrastructure are found in Yale-MSS-1.4

Internet Accessible Systems

Internet-accessible systems allow connections from the public internet. This presents more risk to the IT System. As a result, more security requirements apply. The definition and requirements for Internet Accessible systems are in the MSS Key.

The Minimum Security Standards are baseline security requirements for protecting IT Systems based on the risk they carry. Different IT System types require different security controls to protect them appropriately. 

Determine your system type to understand which controls apply to your IT System using the definitions above. 

Once you know your system type and risk classification, you can filter for your MSS requirements using the MSS Calculator. 

View the MSS Calculator

To view a full list of the MSS for all system types and classifications, see the MSS List. 

View the Complete MSS