Question DATA-02
Will the institution's data be stored on any devices (database servers, file servers, SAN, NAS, etc.) configured with non-RFC 1918/4193 (i.e., publicly routable) IP addresses?
| Weight | 25 |
| High Risk | Yes |
| Required | Yes |
| Compliant Answer | No |
Standard Guidance
EDUCAUSE provides no guidance here
Answering "NO"
EDUCAUSE provides no guidance here
Answering "YES"
State the need for this strategy, in detail.
Reason for Question
Systems that are directly exposed to public internet resources are at greater risk than those that are not. Understanding the requirements for this configuration is important, particularly when assessing compensating controls.
Follow-Up Inquiries
Ask the vendor about their infrastructure and if there is a solution that eliminates the need for this environment.
HECVAT Pro Advice
[Add expert insights and best practices]
Implementation Tips
[Add practical steps for SME SaaS vendors]
FAQ
[Add common questions related to this HECVAT item]
Resources
[Add links to relevant articles or tools]