Educause Security Discussion mailing list archives

Re: [External] Re: [SECURITY] student systems and NIST 800-171


From: Ross Mukai <rossmuka () HAWAII EDU>
Date: Thu, 28 Jan 2021 08:23:00 -1000

NIST MEP HB 162 is useful for a high-level start, but you may find it
doesn't go in depth and tends to underestimate other details specified in
800-171a assessment methodology. HB 162 was also published prior to
800-171r2.
To me, it's clear from the NIST and CMMC discussion boards that there is a
range of interpretation possible in reading the NIST requirements and most
of the guidance out there is specific to the DoD CUI safeguarding
implementation, which isn't exactly 1:1 with the NARA/ISOO CUI
implementation and is now shifting to CMMC, so I'm just waiting for the
Dept. of Ed.-specific guidance to come out. If it is a short-term goal, as
mentioned in the FSA slides, it's possible that it's pending
administration-change-related delays.

On Thu, Jan 28, 2021 at 7:47 AM Coleman, Susan Elizabeth <colemans () iu edu>
wrote:

Good Afternoon,

For those seeking an outside perspective, REN-ISAC’s Peer Assessment
Service offers NIST 800-171 Compliance reviews.

I would be happy to answer any questions you have about the program and
can be reached at peer () ren-isac net.

Sincerely,

Susan




On Jan 28, 2021, at 12:17 PM, Dennis Bolton <bolton () oakland edu> wrote:



Yes, we started doing this a few years ago. I can't recall the specific
driver (e.g. announcement or publication) but I think the general goal was
to be prepared if the guidance/language become more direct.

I know the great folks at BYU have made some amazing Google Sheets to
facilitate reviews. I believe they currently have NIST 800-171 and CMMC
templates up for general use by other educational institutions.

Dennis Bolton
Information Security Officer
Oakland University
Dodge Hall Rm 220
118 Library Drive
Rochester, MI 48309-4401
248-370-4803


On Wed, Jan 27, 2021 at 6:38 PM Alex Jalso <ACJalso () mail wvu edu> wrote:

Hello Everyone,



In a meeting with peer institutions it was said that at the Federal level
there have been discussions that university student information systems must
treat resident data as CUI and have their systems be compliant with NIST
800-171 or risk losing financial aid. Has anyone heard something similar
to this or received communications about it?



Alex



Alex Jalso, PMP, CISM, CDPSE
Chief Information Security Officer
Information Technology Services
West Virginia University
p: 304-293-4457






**********
Replies to EDUCAUSE Community Group emails are sent to the entire
community list. If you want to reply only to the person who sent the
message, copy and paste their email address and forward the email reply.
Additional participation and subscription information can be found at
https://www.educause.edu/community
