• Home
• Overview
• MIT Strategies

• Written Information Security Program

  • Overview
  • Related Rules & Regulations
  • Roles
  • Minimizing PIRN
  • Awareness, Training & Education
  • Third-Party Assurances
  • Protecting Hard Copy Files
  • Protecting Electronic Files
  • Monitoring & Enforcement
• Sensitive Data Areas
• Resources
• Individual Protection
• News and Events
• FAQ

• Contact Us
• Site Map

Protection of Electronic Files - Minimum Security Standards

Massachusetts regulations 201 CMR §17.04 Computer System Security Requirements (see Appendix D) include a number of requirements related to the protection of electronic files.

MIT has developed a set of minimum IT security standards that – to the extent technically feasible – must be used for the protection of laptop and desktop computers, smart phones as well as mobile storage devices such as USB memory sticks that process, store, view or transmit PIRN.

While not an exhaustive list, below are technologies that, when used concurrently, would meet compliance requirements:

• Operating system and software updates
• Firewall configuration
• Virus and malware protection
• Passwords
• Protecting data in transit
• Encryption
• Physical security
• Data destruction/removal
• Backups
• Data inventory
• Designation of workstations for specific functions
• Principle of least privilege
• Browser and email protections
• File server protections

For details on these standards, see the referenced document. Additional information can be found on the IS&T Security web pages and in the IT Knowledgebase Hermes.

back to top