Logs should be stored within a central log server or log storage solution provided by the IaaS/SaaS provider....

Refer to the university Harvard Sponsored Role Portal...

Remote login to all servers must only permit the use of encrypted communications such as ssh. Windows servers must enforce a minimum of 128-bit encryption for Terminal Services and Remote Desktop communication. All servers running SSH must use a minimum of protocol version 2. Use 2-factor VPN to connect through the firewall first. 

Disable the non-secure port.