MitiGate is an online gateway to unit IT security risk data for Security Unit Liaisons (SULs), unit IT leaders, and unit leadership. It provides a window into certain types of IT security risk data from multiple systems in one place. It is designed to help you prioritize your efforts and allocate resources where they will have the biggest impact.
Use MitiGate to help you see at-a-glance where your unit is doing well and where your biggest IT security risks that need to be addressed lie. MitiGate aggregates data from these sources, automatically pulling the data from Splunk—the Information and Technology Services (ITS) log collection and aggregation engine—every morning:
- RECON Risk Treatment Plan items. RECON is the risk assessment methodology used to assess IT security threats and vulnerabilities to mission critical U-M systems and applications and to systems storing sensitive university data. You can view risk mitigation items from all your unit's RECONs in one place in MitiGate.
- Vulnerability scan results. Information Assurance (IA) conducts routine quarterly scans of all U-M owned and managed networks and offers a monthly and on-demand scanning service on request. Vulnerabilities identified by these scans are summarized in MitiGate and can be downloaded for review.
- Sensitive Data Discovery results. Checks are done on MiWorkspace computers twice a year to ensure that sensitive data is not being stored unnecessarily or improperly. These checks are available to non-MiWorkspace units on request. The checks result in a report of files in your unit that could be Social Security or credit card numbers.
- Alerts, Advisories, Notices RSS feed from Safe Computing. IA issues alerts, advisories, and notices to keep members of the U-M IT community informed about vulnerabilities, scams, and other IT security and privacy issues.
- CIS-CAT results. IA provides a UM-specific version of the Center for Internet Security's Configuration Assessment Tool (CIS-CAT), which can scan systems against a predetermined benchmark and recommend areas of hardening that need to be addressed. CIS-CAT scan results submitted to IA can be viewed in MitiGate.
While the IT security risk information in MitiGate is available in other systems or has been delivered to you in other ways, MitiGate brings it together and displays it in a way that makes it easier to manage and prioritize, providing a better overview of IT security risk in your unit.
For instructions, see Using MitiGate.
To get access to MitiGate for your unit, contact your Security Unit Liaison (SUL). SULs serve as gatekeepers to the unit security information in MitiGate and can request access for others in their unit by contacting IA through the ITS Service Center.