We want to hear from you! Take the survey.
How do you use It’s Your Yale? How can it be improved? Answer for a chance to win Yale swag.
Streamlining Yale’s Minimum Security Standards (MSS)
March 9, 2023
On Wednesday, March 15, the Information Security Office (ISO) will publish a reorganized version of Yale’s Minimum Security Standards (MSS). The purpose of this reorganization is to improve comprehension and reduce redundancy. No standards or requirements are changing.
What is changing?
- Consolidated Standards Groups (Yale-MSS-X) from 16 to 14. Attached is a crosswalk showing this consolidation.
- Reworded and consolidated standards (Yale-MSS-X.Y)
- Refreshed MSS webpages organized based on roles and their interactions with the MSS.
- Clarified language throughout the MSS and its supporting web pages.
What is not changing?
The requirements in the MSS have not changed. If a system is in compliance today, it will still be in compliance on March 15. ISO will make an archive of the current version available for viewing for a limited time.
The future of the MSS
Yale’s Minimum Security Standards (MSS) are based on Yale’s dynamic risk landscape. As risks evolve, so does the MSS. ISO’s goal is to continue to improve the MSS to reflect this relationship. When requirements change, the appropriate communications will be sent in advance. This advance notice will allow for planning to meet any new, applicable requirements.
In the interim, ISO will continue to work on clarifying these standards and providing more guidance.
Contact information.security@yale.edu with any questions or comments that would help clarify any and all parts of the MSS.
The future of MSS training
Over the past two years, ISO provided the MSS Roadshow training. This training was successfully offered to all IT at Yale. The foundational course, MSS 101, will continue to be offered in an online format. Going forward, MSS training will evolve into a series of MSS Lunch and Learns.
These Lunch and Learns will cover one MSS Standards Group at a time. They will feature a subject matter expert based on the Standards Group being covered. Please attend and encourage your team members to attend these events. They will be an opportunity to ask questions about applying the MSS to IT Systems at Yale.
For more information, visit the MSS Streamline announcement on the Cybersecurity website. For any questions or concerns about the MSS Reorganization, please email information.security@yale.edu.
Thank you for your ongoing commitment to doing your part in protecting Yale’s data and systems.