Expanding Security Standards to Servers and Applications
Did you know that a server is defined as a host that provides a network-accessible service? Or that an application is defined as software running on a server that is network-accessible?
All servers and applications (including mobile applications) at Stanford are subject to Minimum Security Standards depending on the risk classification of the data handled by the server and by how the server is used.
University IT (UIT) teams are actively managing UIT servers and applications to ensure that they are current with the standards. In the coming months, we will see the results in the Stanford University Server Inventory (SUSI). SUSI is developed by the School of Medicine and will give us a quick dashboard displaying how servers measure up to the minimum standards, in addition to tracking details about each server.
If you are a systems administrator or responsible for an application, learn how to help make your servers and applications compliant by attending the Stanford Information Security Academy this April.
The UIT Security Operations team is developing BigFix for Servers content to contribute Minimum Security attributes to SUSI. These attributes include: Centralized Logging (Splunk), DUO Security (Windows), Bit9, EMET, and whether a Firewall is enabled. To request assistance with implementing BigFix for your server, please submit a HelpSU request.