Risk Level: Medium Risk

Compromised passwords

Apr 28, 2024

—

by

campus

Change passwords immediately if a compromise is suspected.
Default passwords

Apr 28, 2024

—

by

campus

Change default or vendor-supplied passwords and remove default accounts.
Password at startup

Apr 28, 2024

—

by

campus

Enable password protection at startup.
Multi-factor authentication Endpoints

Apr 28, 2024

—

by

campus

Utilize multi-factor authentication for remote access.
Multi-factor authentication on Servers and Applications

Apr 28, 2024

—

by

campus

Utilize multi-factor authentication for remote interactive user and administrator logins
Data inventory

Apr 28, 2024

—

by

campus

Create and maintain an information inventory that includes classification level, information owner, and users with access.
Protect paper documents

Apr 28, 2024

—

by

campus

Lock hard copy information records in a file cabinet within a locked office.
Physical security of storage

Apr 28, 2024

—

by

campus

Restrict physical access to any storage facility that contains physical media with this level of information. Only authorized individuals may have access either through a physical or electronic key.
Data center

Apr 28, 2024

—

by

campus

Place system hardware in a data center.
Traveling with Media

Apr 28, 2024

—

by

campus

Plan ahead to keep paper research data and forms (e.g., field notes, observations, interviews, informed consents) secure while traveling abroad.