YALE-MSS-9.5: Require Multifactor Authentication (MFA) for access to authenticated systems

Standards Group:
YALE-MSS-9: Authentication and Authorization

| Device type | Low Risk | Moderate Risk | High Risk |
|---|---|---|---|
| Endpoint | Required for IA | Required for IA | Required for IA |
| Server | Required for IA | Required for IA | Required for IA |
| Mobile Device | Not Required | Not Required | Not Required |
| Network Printer | Required for IA | Required for IA | Required for IA |

Details

Multifactor authentication (MFA) improves on traditional authentication by requiring users to provide more than a username and password. In addition to something you know (e.g., password), MFA may require you to present something you have (e.g., smartphone, security key) or something you are (e.g., fingerprint, face geometry).

MFA offers another layer of defense to protect access to an account in the event a username and password are compromised.

Web applications should use Yale's approved single sign-on (SSO) methods to provide MFA (CAS, SAML, Shibboleth, and Microsoft Entra).

If an IT system is vendor-hosted and Yale's SSO cannot be employed, it is acceptable to use a vendor-provided MFA option.

For SSH, the use of MFA through Yale's Duo meets this requirement. Also, the use of SSH with password-protected keys or certificates is considered to meet this requirement.