Needs Identified

The Cornell IT Resource Registry aims to create a comprehensive inventory of web and client-server applications, and manage information security risk for those applications.

• Centrally inventory Cornell's two thousand plus NetID-protected web applications;
• Centrally inventory all non-NetID-protected applications;
• For all applications, understand, record, and/or assign:
  • ownership
  • purpose
  • mission criticality
  • data sensitivity
  • location
  • security risks (including data risk)
  • security controls (implementing risk-appropriate controls consistent with its security status)
  • life cycle stage

Proposed Solution

Following consensus reached by CIT Directors and internal stakeholders, CIT and Custom Development are creating the first release of the Resource Registry to establish a baseline web application inventory as well as replace CIT's current IT Portfolio application. Lessons learned from this internal adoption will refine the product to make it suitable for a gradual university-wide rollout.

Related Projects

Secure Connect

The Secure Connect passkey program aims to significantly reduce the likelihood of a password compromise impacting sensitive systems. The Resource Registry will help Cornell meet this goal with the data provided by service owners and system creators.

Cornell Experience Modernization Initiative (CEMI)

As part of CEMI, an analysis is being done to understand why gap applications (programs created to fill niche needs) arose at the university. The Resource Registry can support CEMI's ongoing analysis of this essential and complex web of internally developed systems that are increasingly difficult to maintain and secure.