Risk Level: Low Risk

Incident Reporting

Apr 28, 2024

—

by

campus

Promptly report actual or suspected compromise, including loss, theft, improper use, modification of, or access to information to security@mit.edu.
Self Assessment

Apr 28, 2024

—

by

campus

Review your systems and procedures regularly to ensure the tasks for this risk level are applied.
Unique user accounts

Apr 28, 2024

—

by

campus

Create a unique, non-privileged, account for each user. Assign a different password for user and administrative accounts.
Use strong passwords

Apr 28, 2024

—

by

campus

Use strong passwords. Change authentication keys e.g., password, certificate, regularly – at least annually.
Don’t reuse passwords

Apr 28, 2024

—

by

campus

Do not reuse passwords for multiple services. Do not use your Kerberos password for non-Kerberos enabled systems.
Compromised passwords

Apr 28, 2024

—

by

campus

Change passwords immediately if a compromise is suspected.
Encrypt passwords

Apr 28, 2024

—

by

campus

Store and transmit only encrypted passwords.
Default passwords

Apr 28, 2024

—

by

campus

Change default or vendor-supplied passwords and remove default accounts.
Vendor-supported applications

Apr 28, 2024

—

by

campus

Use vendor supported applications and operating systems.
Automatic software updates

Apr 28, 2024

—

by

campus

Configure automatic download and application of software and operating system updates.