uit.stanford.edu
35.82.128.38
Public Scan
Submitted URL: https://cyberscorecard.stanford.edu/
Effective URL: https://uit.stanford.edu/security/scorecard
Submission Tags: phishingrod
Submission: On June 24 via api from DE — Scanned from DE
Form analysis
1 forms found in the DOM
<form class="gsc-search-box gsc-search-box-tools" accept-charset="utf-8">
<table cellspacing="0" cellpadding="0" role="presentation" class="gsc-search-box">
<tbody>
<tr>
<td class="gsc-input">
<div class="gsc-input-box" id="gsc-iw-id1">
<table cellspacing="0" cellpadding="0" role="presentation" id="gs_id50" class="gstl_50 gsc-input" style="width: 100%; padding: 0px;">
<tbody>
<tr>
<td id="gs_tti50" class="gsib_a"><input autocomplete="off" type="text" size="10" class="gsc-input" name="search" title="search" aria-label="search" id="gsc-i-id1" dir="ltr" spellcheck="false"
style="width: 100%; padding: 0px; border: none; margin: 0px; height: auto; background: url('https://www.google.com/cse/static/images/1x/en/branding.png') left center no-repeat rgb(255, 255, 255); outline: none;"></td>
<td class="gsib_b">
<div class="gsst_b" id="gs_st50" dir="ltr"><a class="gsst_a" href="javascript:void(0)" title="Clear search box" role="button" style="display: none;"><span class="gscb_a" id="gs_cb50" aria-hidden="true">×</span></a></div>
</td>
</tr>
</tbody>
</table>
</div>
</td>
<td class="gsc-search-button"><button class="gsc-search-button gsc-search-button-v2"><svg width="13" height="13" viewBox="0 0 13 13">
<title>search</title>
<path
d="m4.8495 7.8226c0.82666 0 1.5262-0.29146 2.0985-0.87438 0.57232-0.58292 0.86378-1.2877 0.87438-2.1144 0.010599-0.82666-0.28086-1.5262-0.87438-2.0985-0.59352-0.57232-1.293-0.86378-2.0985-0.87438-0.8055-0.010599-1.5103 0.28086-2.1144 0.87438-0.60414 0.59352-0.8956 1.293-0.87438 2.0985 0.021197 0.8055 0.31266 1.5103 0.87438 2.1144 0.56172 0.60414 1.2665 0.8956 2.1144 0.87438zm4.4695 0.2115 3.681 3.6819-1.259 1.284-3.6817-3.7 0.0019784-0.69479-0.090043-0.098846c-0.87973 0.76087-1.92 1.1413-3.1207 1.1413-1.3553 0-2.5025-0.46363-3.4417-1.3909s-1.4088-2.0686-1.4088-3.4239c0-1.3553 0.4696-2.4966 1.4088-3.4239 0.9392-0.92727 2.0864-1.3969 3.4417-1.4088 1.3553-0.011889 2.4906 0.45771 3.406 1.4088 0.9154 0.95107 1.379 2.0924 1.3909 3.4239 0 1.2126-0.38043 2.2588-1.1413 3.1385l0.098834 0.090049z">
</path>
</svg></button></td>
<td class="gsc-clear-button">
<div class="gsc-clear-button" title="clear results"> </div>
</td>
</tr>
</tbody>
</table>
</form>
Text Content
CYBERSECURITY FITNESS SCORECARD COMPONENTS

(Table columns: Component, Details, Points, Source)

Component: University Security Initiative Promulgation
Details: Assessment of the organization's promulgation of key Information Security initiatives, such as Cardinal Key Adoption.
Points: 10
Source: % of mandated users enforced with Cardinal Key
* 91% and above: 10 pts
* 81 - 90%: 9 pts
* 51 - 80%: 7 pts
* 31 - 50%: 5 pts
* 11 - 30%: 3 pts
* 0 - 10%: 0 pts

Component: Endpoint Minimum Security Standards Adoption
Details: Assessment of the organization’s compliance with endpoint security standards. This includes items such as endpoint encryption compliance and backup.
Points: 9
Source: BI reports -- % of endpoints compliant
* 96 - 100%: 9 pts
* 90 - 95%: 7 pts
* 80 - 89%: 5 pts
* 51 - 79%: 3 pts
* 0 - 50%: 0 pts
Points: 1
Source: Backups -- % of end user laptops and desktops backed up to central service
* 90 - 100%: 1 pts
* 0 - 89%: 0 pts

Component: Server Minimum Security Standards Adoption
Details: Assessment of the organization’s compliance with server security standards regardless of server risk classification.
Points: 3
Source: High Risk: Minsec adoption level
* > 99%: 3 pts
* 98 - 99%: 2 pts
* < 98%: 0 pts
Points: 3
Source: High Risk: Minsec inventory attested as being up to date
* Attestation completed: 3 pts
* Attestation not completed: 0 pts
Points: 4
Source: Low and Moderate Risk: Minsec inventory attested as being up to date
* Minsec inventory exists and is up to date: 4 pts
* Minsec inventory exists but not up to date: 2 pts
* Minsec inventory does not exist: 0 pts

Component: Application Minimum Security Standards Adoption
Details: Assessment of the organization’s compliance with application security standards regardless of application risk classification.
Points: 3
Source: High Risk: Minsec adoption level
* > 99%: 3 pts
* 98 - 99%: 2 pts
* < 98%: 0 pts
Points: 3
Source: High Risk: Minsec inventory attested as being up to date
* Attestation completed: 3 pts
* Attestation not completed: 0 pts
Points: 4
Source: Low and Moderate Risk: Minsec inventory attested as being up to date
* Minsec inventory exists and is up to date: 4 pts
* Minsec inventory exists but not up to date: 2 pts
* Minsec inventory does not exist: 0 pts

Component: Cloud Minimum Security Standards Adoption
Details: Assessment of the organization’s awareness and adoption of Stanford’s cloud security standards. This is applicable to the SaaS, PaaS and/or IaaS services used by the organization.
Points: 10
Source: Participation in Cloud Security Program
* Yes: 10 pts
* No: 0 pts

Component: Attack Surface
Details: Evaluation of the percentage of IP addresses assigned to an organization whose ports are exposed to the public internet which threat actors commonly abuse. The evaluated ports: 20, 21, 22, 23, 25, 53, 68, 69, 88, 110, 135, 137-139, 143, 161, 389, 445, 465, 636, 902, 1433, 1434, 1521, 3306, 3389, 4433, 4444, 5555, 6666, 7777, 8888, 9999, 5432, 5900, 6379, 9200, 27017, 27018.
Points: 8
Source: Shodan report: % of hosts with commonly abused ports open to the world
* < 5%: 8 pts
* 6 - 10%: 6 pts
* 11 - 20%: 4 pts
* 21 - 35%: 2 pts
* > 36%: 0 pts
Points: 2
Source: Documented business need for opened ports on host(s)
* Yes: 2 pts
* No: 0 pts

Component: Vulnerability Management
Details: Evaluation of the organization’s ability to manage server and application vulnerabilities. This also factors in the age of identified vulnerabilities, the strength of the organization’s primary website cryptography and how quickly items are remediated that are found through the Stanford Bug Bounty program.
Points: 2
Source: Based on Qualys reports, # of Severity 5 vulnerabilities not remediated within 30 days
* 0 vulnerabilities: 2 pts
* 1+ vulnerabilities: 0 pts
Points: 7
Source: % of vulnerabilities older than 6 months
* 0 - 10%: 7 pts
* > 10%: 0 pts
Points: 1
Source: Participation in Bug Bounty Program
* 3+ key department systems in scope: 1 pts
* < 2 key systems in scope: 0 pts

Component: Security Incidents
Details: Evaluation of the frequency and severity of security related incidents across the organization. This includes items such as compromised endpoints, servers, websites, exposed credentials, and lost or stolen devices.
Points: 7
Source: Number of major or critical incidents resulting from MinSec non-compliance within the year
* 1+ critical incidents: 0 pts
* 3+ major incidents: 0 pts
* Otherwise: 7 pts
Points: 3
Source: Lost/stolen devices (incl. personally owned used for Stanford, Stanford owned, USB, mobile, laptop, desktop)
* 0 unencrypted devices: 3 pts
* 1+ unencrypted devices: 0 pts

Component: Resistance to Social Engineering
Details: Assessment of how susceptible users in the organization are to various forms of social engineering attacks. This includes data from the Stanford Phishing Awareness Program and security incidents related to social engineering attack patterns.
Points: 7
Source: Average Phishing Awareness Program click rate over the last 6 months
* < 1%: 7 pts
* 1 - 5%: 5 pts
* 6 - 9%: 1 pt
* > 10%: 0 pts
Points: 3
Source: Number of compromised accounts due to phishing
* 0 accounts: 3 pts
* 1+ accounts: 0 pts

Component: Engagement with ISO
Details: An assessment of how engaged the organization is with their primary ISO security partner and the attendance of the org’s IT contacts in ISO meetings, trainings, seminars and other functions.
Points: 10
Source: Attends regularly scheduled meetings with assigned ISO rep (at least quarterly).

Last modified March 6, 2024