Re: Security Requirements of Federal Funding Agencies

[Steve Brukbacher <sab2 () UWM EDU>]

The US Department of Education is making security requirements a major
part of their contracts for accessing certain types of data.  Our
experience was related to NCES, National Center for Education Statistics.
http://nces.ed.gov/

We went through this this summer and actually had to sign off on a
security plan before a researcher could receive the data.  It ended up
being a good thing because we were invited to create a security plan for
the project.

--
Steve Brukbacher
University of Wisconsin Milwaukee
Information Security Coordinator
UWM Computer Security Web Site
www.security.uwm.edu
Phone: 414.229.2224



Rodney Petersen wrote:
> I am curious if anyone has been confronted with security requirements as
> a condition of Federal contracts or grants.  It has been a couple of
> years since we last discussed the topic on this list and I am eager to
> learn of any new developments.
>
> Please share with the entire list the sources for any such requirements
> and your experiences if you have developed an effective process for
> responding.  I would also be interested to learn, privately if
> necessary, any unique challenges or obstacles that you have faced at
> your particular institution.
>
> Thanks in advance.
>
> Regards,
>
> -Rodney
> --------------------------------------------------
> Rodney J. Petersen
> Policy Analyst & Security Task Force Coordinator
>
> EDUCAUSE
> 1150 18th Street, N.W., Suite 1010
> Washington, D.C.  20036
> (202) 331-5368 / (202) 872-4200
> (202) 872-4318 (FAX)
> EDUCAUSE/Internet2 Security Task Force
> _______www.educause.edu/security___ <http://www.educause.edu/security>__
> --------------------------------------------------