We will provide security solutions to the Stanford community such that we have no incidents attributable to a lack of best practices.
- Adopt Minimum Security Standards across University High Risk systems.
  - Create and maintain an inventory of all such servers and applications by September 1, 2016
  - Attain and maintain Minimum Security Standards across all such servers and applications by April 30, 2017, allowing for exceptions (September checkpoint to gauge progress and adjust schedule as needed)
- Mitigate authentication weaknesses with third-party services handling Stanford High Risk data.
  - Create an inventory of all such systems, document current authentication process and prioritize in terms of risk by August 1, 2016
  - Develop mitigation plans for 10 highest risk systems, accounting for user impact, development resources, and vendor capabilities by August 1, 2016
  - Complete mitigation of 10 highest risk systems by April 2017 (September checkpoint to gauge progress and adjust schedule as needed)
- HIPAA risk assessment for non-School of Medicine components of Covered Entity at the University.
- Develop intrusion detection capabilities.
- Adopt Minimum Security Standards across low and moderate risk systems.
- Address ERM (electronic research management) sub-systems.