Control
ID
Control Description Data Protection Classification
Level 1 Level 2 Level 3 Level 4
MIN-1 Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems). essential essential essential essential
MIN-2 Ensure that managers, systems administrators, and users of organizational systems are made aware of the security risks associated with their activities and of the applicable policies, standards, and procedures related to the security of those systems. essential essential essential essential
MIN-3 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity. recommended required essential essential
MIN-4 Establish an operational incident-handling capability for organizational systems that includes preparation, detection, analysis, containment, recovery, and user response activities. essential essential essential essential
MIN-5 Protect (i.e., physically control and securely store) system media containing the University’s data, both paper and digital. optional recommended essential essential
MIN-6 Periodically assess the risk to organizational operations (including mission, functions, image, or reputation,) organizational assets, and individuals, resulting from the operation of organizational systems and the associated processing, storage, or transmission of the University’s data. required required essential essential
MIN-7 Remediate vulnerabilities in accordance with risk assessments. essential essential essential essential
MIN-8 Employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational systems. required required essential essential
MIN-9 Identify, report, and correct system flaws in a timely manner. essential essential essential essential
MIN-10 Monitor system security alerts and advisories and take action in response. essential essential essential essential