How-to

Identify Critical Systems for Availability

Identification of University critical systems for availability on the University network is an important part of the University's ongoing risk management and compliance obligations. System and data owners need to identify critical systems to University Information Security (UIS) for incident response purposes.

Identify Critical Systems

For this purpose, a critical system meets one of the following criteria:

Notify University Information Security

  • Tag the IP addresses for critical systems with the High Security Level or Medium Security Level tag in InsightVM. See InsightVM: Manage Assets, Adding Tags section.
  • OR send the following information (including changes to this information) to security@umn.edu:
    • IP address(es)
    • Type of system(s) and how the system(s) is used
    • Data Security Classification (e.g., stores, accesses, or has the ability to impact the security of Private-Highly Restricted data, Private-Restricted data, Public data, or no data) 
    • Security Level of the system (e.g., High, Medium, or Low)
    • College or administrative unit name
    • Primary and secondary IT contact information (name, email address, office phone, cell phone)
    • Documentation supporting why the IP addresses can not be vulnerability scan

Learn more about classifying University data and Identifying Security Level in the University Data Security Classification Policy.

Learn more about InsightVM Vulnerability Scanning.

Questions, send e-mail to security@umn.edu

More Information

Intended Audience

Students
Instructors
Researchers
Staff & Departments
Health Sciences Affiliates
IT Staff and Partners