Category 1 data is comprised of Personally Identifiable, Regulated, or University Declared data.
The following constitute the minimum security controls required for repositories containing Category 1 data.
Physical Controls
Physical controls apply to access to the physical resource where the data resides.
...
- Systems must comply with the Standards for Connecting Servers to the University Network.
- Data must be encrypted at rest.
- Data must be encrypted in transit, both in physical transport and network communications.
- Multi-Factor Authentication, when available, must be used for privileged access accounts.
- Network filtering should be at the most restrictive level required to assure regulatory compliance.
...