Skip to content Skip to navigation
The University of New Mexico

Endpoint/Data Examples

Use the examples below to determine which risk classification is appropriate for a particular type of data. When mixed data falls into multiple risk categories, use the highest risk classification across all.

View Minimum Security Controls for Endpoints

Low Risk ("P" Class)


  • Research data (at data owner's discretion)

  • UNM NetIDs

  • Information authorized to be available on or through UNM’S website without UNM NetID authentication

  • Policy and procedure manuals designated by the owner as public

  • Job postings

  • University contact information not designated by the individual as "private" in MyUNM

  • Information in the public domain

  • Publicly available campus maps

Moderate Risk ("C" Class)


  • Unpublished research data (at data owner's discretion)

  • Student records and admission applications

  • Faculty/staff employment applications, personnel files, benefits, salary, birth date, personal contact information

  • Non-public UNM policies and policy manuals

  • Non-public contracts

  • UNM internal memos and email, non-public reports, budgets, plans, financial info

  • UNM NetID and Banner ID numbers

  • Project/Task/Award (Cayuse Research Suite) numbers

  • Engineering, design, and operational information regarding UNM

High Risk ("E" Class)


  • Health Information, including Protected Health Information (PHI)

  • Health Insurance policy ID numbers

  • Social Security Numbers

  • Credit card numbers

  • Financial account numbers

  • Export controlled information under U.S. laws

  • Driver's license numbers

  • Passport and visa numbers

  • Donor contact information and non-public gift information