Phase 1

CIT's internal IT Portfolio tool was selected to first adopt the Resource Registry. Data from the IT Portfolio helped shape website infrastructure, as well as operational capabilities. CIT Service Management implemented the Resource Registry in February 2026.

Phase 2

Based on identified needs, as well as key dependences identified from related projects, planning begins for a wider campus adoption in 2026.

Needs Identified

The Cornell IT Resource Registry aims to create a comprehensive inventory of web and client-server applications, and manage information security risk for those applications.

• Centrally inventory Cornell's two thousand plus NetID-protected web applications;
• Centrally inventory all non-NetID-protected applications;
• For all applications, understand, record, and/or assign:
  • ownership
  • purpose
  • mission criticality
  • data sensitivity
  • location
  • security risks (including data risk)
  • security controls (implementing risk-appropriate controls consistent with its security status)
  • life cycle stage

Proposed Solution

Following consensus reached by CIT Directors and internal stakeholders, CIT and Custom Development are creating the first release of the Resource Registry to establish a baseline web application inventory as well as replace CIT's current IT Portfolio application. Lessons learned from this internal adoption will refine the product to make it suitable for a gradual university-wide rollout.

Related Projects

Secure Connect

The Secure Connect passkey program aims to significantly reduce the likelihood of a password compromise impacting sensitive systems. The Resource Registry will help Cornell meet this goal with the data provided by service owners and system creators.

Cornell Experience Modernization Initiative (CEMI)

As part of CEMI, an analysis is being done to understand why gap applications (programs created to fill niche needs) arose at the university. The Resource Registry can support CEMI's ongoing analysis of this essential and complex web of internally developed systems that are increasingly difficult to maintain and secure.