Skip to content Skip to navigation

Risk Classes & Security Standards

May 1, 2015

A new set of security classifications has been established and is now in effect for Stanford data and systems: Low Risk, Moderate Risk, and High Risk. The former framework - Prohibited, Restricted, Confidential, and Unrestricted - will be phased out by January 2016. The new classifications are simple, intuitive, focused on risk management, and aligned with federal security standards. Going forward, please use the new Low/Moderate/High Risk designations described at dataclass.stanford.edu.​

Along with the new classifications, we are introducing a “top 10 list” style of minimum security standards for all university endpoints, servers, and applications. These were developed with input from faculty, researchers, and IT staff throughout campus and were specifically selected to be prescriptive, effective, and practical. The standards are tiered by the new Low/Moderate/High Risk levels and are enabled by the many new information security tools, services, and practices established over the last 18 months. We encourage you to begin adopting these standards, prioritizing your systems by risk level. As cybersecurity is a rapidly evolving field that continuously presents us with new challenges, these standards will be revised and updated accordingly. In time, these standards will become requirements codified in the Administrative Guide.
 
More information about the minimum security standards can be found at​ minsec.stanford.edu.

Share Feedback

DISCLAIMER: UIT News is accurate on the publication date. We do not update information in past news items. We do make every effort to keep our service information pages up-to-date. Please search our service pages at uit.stanford.edu/search.

What to read next:

Zoom into Our New Video Conferencing Services

University IT has revamped our video conferencing services, making it easier for you to use the technology and integrate it into your daily work.

New Web Application Promotes Reuse at Stanford

The UIT Research Administration team recently partnered with the Property Management Office to build ReUse, a web application that promotes efficiency through equipment reuse across campus.

University IT Supports Sustainability With My Cardinal Green Portal

The UIT Student and HR Systems team designed and developed the online portal for My Cardinal Green, a new program that rewards faculty, students, and staff for their sustainability efforts.