Configure Tenable to scan servers every 30 days.

Install vulnerability scanning software appropriately

Install Tenable on all servers

Handle Security Logs Appropriately

Logs should be stored within a central log server or log storage solution provided by the IaaS/SaaS provider....

Encrypt data on AWS and Azure

Follow the attached PDF to encrypt data on AWS and Azure. Read more about Encrypt data on AWS and Azure

Manage Access

Refer to the university ...

Users of administrative accounts on certain enterprise systems must complete the account attestation process.

Administrative Account Attestation for Enterprise SystemsThe annual administrative account attestation process is...

Set application inactivity time-out

Force re-authentication after a defined period of inactivity within the server-side application, where this feature is available.

Configure operational technology devices for secure operation

In addition to the requirements above, install and run Crowdstrike endpoint detection and response client on operational technology devices where technically feasible.

Configure your laptop or desktop for secure operation and storage

Personally owned and managed: Follow the Personal Device Security Guides
Harvard-managed or Harvard-purchased laptops and desktops must run Crowdstrike endpoint detection and response client. For other configuration detail, check with your...

Information Security Policy

Harvard University

How To

Encrypt Backups

Configure vulnerability scanning software appropriately