Protection of Electronic Files - Minimum Security Standards
Massachusetts regulations 201 CMR §17.04 Computer System Security Requirements (see Appendix D) include a number of requirements related to the protection of electronic files.
MIT has developed a set of minimum IT security standards that – to the extent technically feasible – must be used for the protection of laptop and desktop computers, smart phones as well as mobile storage devices such as USB memory sticks that process, store, view or transmit PIRN.
While not an exhaustive list, below are technologies that, when used concurrently, would meet compliance requirements:
- Operating system and software updates
- Firewall configuration
- Virus and malware protection
- Protecting data in transit
- Physical security
- Data destruction/removal
- Data inventory
- Designation of workstations for specific functions
- Principle of least privilege
- Browser and email protections
- File server protections