SC10: Logs required by the Harvard Information Security Policy must be retained for a minimum of 90 days, whether the system is managed directly by Harvard or via contract with a third-party service provider for Harvard's...
Harvard-managed or Harvard-purchased laptops and desktops must run the CrowdStrike endpoint detection and response client. For other configuration detail, check with your...
Options to meet this requirement: In every case below, use a sealed envelope.
When you can, or when the risk dictates (sensitivity, number of records), choose hand delivery or ensure tracking/delivery confirmation. Put the envelope in a mailbox or FedEx box yourself rather than leaving it in a basket in an open area for someone else to mail.
- Hand deliver (make sure you hand it to the intended recipient)
- University mail (up to Level 3)
- US Mail (use tracking/delivery confirmation where practical)
- FedEx/UPS (use tracking/delivery...
Consult the business owner for current and accurate identification of those approved for access to confidential information in paper form. Log access to Level 4 information.
Remote login to all servers must permit only encrypted communications, such as SSH. Windows servers must enforce a minimum of 128-bit encryption for Terminal Services and Remote Desktop communication. All servers running SSH must use a minimum of protocol version 2. Use 2-factor VPN to connect through the firewall first.