Security & Compliance
Spinup and SpinupPlus are designed for Yale’s research and administrative computing needs. Choose the right environment based on your data and compliance requirements.
Which platform should I use?
| Use Case | Spinup | SpinupPlus |
|---|---|---|
| General research & administrative workloads | Recommended | Not recommended for normal workloads |
| Workloads with PHI / HIPAA considerations | Capable with additional controls | Recommended for PHI / HIPAA workloads |
| NIST 800-171 requirements (human subjects / sensitive data) | Not intended to meet 800-171 | Recommended — managed, secure environment aligned to NIST 800-171 |
Platform summaries
Spinup (self-service)
Spinup, developed by Yale ITS, is a self-service computing environment on AWS that lets you create customized resources in minutes. Since 2016 it has supported a wide range of research and administrative applications across Yale.
SpinupPlus (managed)
SpinupPlus is a fully managed, secure environment operated by the YBIC team and Health Sciences IT. It is tailored for human subjects research and sensitive data, including PHI. The service aligns with NIST 800-171 and HIPAA requirements and provides managed services that help researchers adhere to security and privacy policies.
Shared security responsibility (Spinup)
Cloud providers secure the cloud itself. Spinup reduces some of the “security in the cloud” burden. You (the tenant) are responsible for your applications, identities, and data handling.
Spinup is designed to help you meet Yale's Minimum Security Standard (MSS), which establishes baseline security controls for all Yale systems. The table below shows how Spinup supports these requirements and what actions you need to take to maintain compliance.
| Yale Minimum Security Requirement | Spinup Provides | Your Actions |
|---|---|---|
| Hardened OS image | Hardened Linux/Windows base images | Migrate to supported images as they age out |
| OS patching | Automated patching via AWS SSM | Update when OS reaches end of support |
| Encryption | Disk encryption at rest; policies for encrypted transport where supported | Use encrypted protocols (HTTPS/SSL/SFTP). Enable TLS for NFS; avoid anonymous access |
| Restricted networking | Default restricted network + firewall UI (security groups) | Open only what you need; follow Yale exception processes where required |
| MFA & Access | DUO for SSH, RDP, and console access | Apply app-level MFA where applicable |
| Logging & monitoring | System and access logs to centralized storage with standard retention | Route application logs appropriately and retain per policy |
| Backups | Daily AWS snapshots (standard retention); optional NFS backups | Enable filesystem backups as needed; manage DB backups as applicable |
For more information on your shared responsibility, view the full model.
Usage & sensitive data terms
This system is for use by authorized persons for Yale ITS business purposes. Use is monitored for administrative and security purposes. Users must preserve the confidentiality, integrity, and availability of information in their Spinup space and follow all applicable Yale policies.
Data risk levels (e.g., per Yale’s Data Classification Policy) determine controls and required actions. Where your workload mandates NIST 800-171 alignment, select SpinupPlus.