Scanning for Confidential Data
This article applies to: Shared File Services
It is the responsibility of the share owners to periodically scan their data in accordance with Cornell Policy 5.10.
For information about how to scan, see the Guide to Data Discovery.
CIT will not be responsible for scanning customer shares for sensitive data. It is the customer’s responsibility to perform any such scanning to be compliant with any related Cornell policies.
- For HIPAA and Confidential shares SFS provides the CIFS auditing functionality, to be configured, managed, and reviewed by the customer in accordance with Cornell Policy 5.10.
- The customer is responsible for ensuring compliance with Cornell Policy 5.10.
- HIPAA data has requirements that need to be met on a scheduled basis, such as file-system ACL and user audits. Additional information is in the HIPAA Administrative Simplification Regulation Text.
CIT performs regular Nessus vulnerability scans against SFS. These scans are not the same as Sensitive Data scanning, or AntiVirus scanning, both of which are customer responsibilities.