Level 2

Log Retention

SC10: Logs required by the Harvard Information Security Policy must be retained for a minimum of 90 days, whether the system is managed directly by Harvard or via contract with a third-party service provider for Harvard's...

Read more about Log Retention

Transfer records securely and confirm receipt

Options to meet this requirement:
In every case below, use a sealed envelope.

When you can or when the risk dictates [sensitivity, number of records], choose hand delivery or ensure tracking/delivery confirmation. Ensure that you put in a mailbox or FedEx box as opposed to leaving in a basket in an open area for someone else to do so.

-Hand deliver (make sure you hand it to the intended recipient )
-University mail (up to Level 3)
-US Mail (use tracking/delivery confirmation where practical)
-FedEX/UPS (use tracking/delivery...

Read more about Transfer records securely and confirm receipt

Remote login must only permit the use of encrypted communications

Remote login to all servers must only permit the use of encrypted communications such as ssh. Windows servers must enforce a minimum of 128-bit encryption for Terminal Services and Remote Desktop communication. All servers running SSH must use a minimum of protocol version 2. Use 2-factor VPN to connect through the firewall first. 

Pages