Educause Security Discussion mailing list archives
Re: Security Program: NIST, ISO, other?
From: Alan <astockdale () EDC ORG>
Date: Thu, 17 Jan 2013 11:04:08 -0500
For federal contract work that is subject to FISMA, implementation of the NIST Risk Management Framework is a requirement (i.e. NIST SP800-37, NIST SP800-53 controls, etc.). There is no other option. A lot of institutions seem to carve out an enclave for that type of work as it is demanding to implement the RMF system-wide. Since 2010, when OMB started requiring the Inspectors General to assess agency oversight of contractor FISMA compliance, the security requirements in federal contract RFPs have become a lot more explicit and demanding.

UT and UC have some useful webinars on FISMA:

Federal Information Security Comes to Higher Education
http://www.utsystem.edu/compliance/SWCAcademy.html

FISMA Compliance
http://www.ucop.edu/ethics-compliance-audit-services/compliance/webinars/fisma/lib/playback.html

--
Alan Stockdale
Education Development Center
43 Foundry Avenue, Waltham, MA 02453-8313
http://www.edc.org

On 1/17/2013 9:36 AM, Wright, A J (A. J.) wrote:

Hello all,

At the University of Tennessee, our security program is based on the NIST 800 Series special publications rather than ISO 27001. While we don’t claim to implement 100% of it (it wouldn’t be appropriate), we’re making heavy use of FIPS199, 800-37, 800-53, 800-66, etc.

I’ve had staff calling and emailing around asking this, but I figured I’d ask this list also: what is your school’s security program based on?

Thanks,
ajw

--
A. J. Wright
Chief Information Security Officer
University of Tennessee – System Administration
2309 Kingston Pike, Suite 131C
Knoxville, TN 37996-1717
Phone: 865-974-0637
Email: ajw () tennessee edu