Educause Security Discussion mailing list archives
Re: student systems and NIST 800-171
From: Harry Hoffman <hhoffman () IP-SOLUTIONS NET>
Date: Fri, 29 Jan 2021 08:42:42 -0500
We're just starting to look into this among a broader effort around compliance. I'd be interested in what other are doing or forming an interest/working group if there's enough folks keen to do so. Cheers, Harry On Thu, Jan 28, 2021 at 11:35 AM Fugett, Julie C <jcf () ku edu> wrote:
Is anyone aware of templates, checklists, or other guidance around performing this self-assessment? I just watched Mia Jordan’s talk from the 2020 Virtual FSA training conference and while the talk was informative, she didn’t provide any resources or a timeline for the self-assessment process. I’m reaching out to the contact email in the slides, but I’m wondering if I’ve missed something somewhere along the way. ______________________________________ Julie C. Fugett, CISSP Chief Information Security Officer KU Information Technology The University of Kansas Email jcf () ku edu Mobile +1 785 691 9023 Office +1 785 864 0490 *She/Her/Hers* *From:* The EDUCAUSE Security Community Group Listserv < SECURITY () LISTSERV EDUCAUSE EDU> *On Behalf Of *Ross Mukai *Sent:* Wednesday, January 27, 2021 6:10 PM *To:* SECURITY () LISTSERV EDUCAUSE EDU *Subject:* Re: [SECURITY] student systems and NIST 800-171 Some slides from the 2020 student aid conference describing a compliance framework for glba + CUI The bullet points on the near-term plan on pg 18 include the 12/18/20 letter and self-assessments https://fsaconferences.ed.gov/conferences/library/2020/2020FSAConfSessionBO15.pdf <https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Ffsaconferences.ed.gov%2Fconferences%2Flibrary%2F2020%2F2020FSAConfSessionBO15.pdf&data=04%7C01%7Cjcf%40KU.EDU%7C1c322f48b61a4c329b3408d8c322851b%7C3c176536afe643f5b96636feabbe3c1a%7C0%7C0%7C637473900330006612%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=smFGHjFFqho1E785SaPoJGFmRnSgXRFc5c05hScgK8M%3D&reserved=0> On Wed, Jan 27, 2021 at 2:01 PM Sam Horowitz <samh () ucsb edu> wrote: https://ifap.ed.gov/electronic-announcements/121820CybersecurityProtectStudentInfoComplianceCUInGLBA <https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fifap.ed.gov%2Felectronic-announcements%2F121820CybersecurityProtectStudentInfoComplianceCUInGLBA&data=04%7C01%7Cjcf%40KU.EDU%7C1c322f48b61a4c329b3408d8c322851b%7C3c176536afe643f5b96636feabbe3c1a%7C0%7C0%7C637473900330016603%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=tjsnBLUdeNXfC1AnKOIT4vUUCcFMM6PS7AfeQKVnpcc%3D&reserved=0> ------------------------------------------- Sam Horowitz, CISSP, CISM *Chief Information Security Officer* he/him/his Office: (805) 893-5005 Email: samh () ucsb edu On Wed, Jan 27, 2021 at 3:38 PM Alex Jalso <ACJalso () mail wvu edu> wrote: Hello Everyone, In a meeting with peer institutions it was said that at the Federal level there’s been discussions that university student information systems must treat resident data as CUI and have their systems be compliant with NIST 800-171 or risk losing financial aid. Has anyone heard something similar to this or received communications about it? Alex Alex Jalso, PMP, CISM, CDPSE Chief Information Security Officer Information Technology Services West Virginia University p: 304-293-4457 *Defend your data.* ITS will *NEVER* ask you for your WVU Login credentials, Social Security number or credit card information via email. *NEVER* click on suspicious email links or attachments, even those that appear to be from a legitimate source. Hover over links to see where they really lead before clicking on them. When in doubt, contact DefendYourData () mail wvu edu. ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community <https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=04%7C01%7Cjcf%40KU.EDU%7C1c322f48b61a4c329b3408d8c322851b%7C3c176536afe643f5b96636feabbe3c1a%7C0%7C0%7C637473900330016603%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=mCZkrjit1ElyjMTLX2k%2F4kGsvfMqY9OuyN9frdng8U4%3D&reserved=0> ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community <https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=04%7C01%7Cjcf%40KU.EDU%7C1c322f48b61a4c329b3408d8c322851b%7C3c176536afe643f5b96636feabbe3c1a%7C0%7C0%7C637473900330026603%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=IJzOkKvCIGJWHYTF6rCvlzdCKrgYyNwzBMFdcIsRB4Y%3D&reserved=0> ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community <https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=04%7C01%7Cjcf%40KU.EDU%7C1c322f48b61a4c329b3408d8c322851b%7C3c176536afe643f5b96636feabbe3c1a%7C0%7C0%7C637473900330026603%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=IJzOkKvCIGJWHYTF6rCvlzdCKrgYyNwzBMFdcIsRB4Y%3D&reserved=0> ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
Current thread:
- student systems and NIST 800-171 Alex Jalso (Jan 27)
- Re: student systems and NIST 800-171 Sam Horowitz (Jan 27)
- Re: student systems and NIST 800-171 Ross Mukai (Jan 27)
- Re: student systems and NIST 800-171 Fugett, Julie C (Jan 28)
- Re: student systems and NIST 800-171 Robert Smith (Jan 28)
- Re: student systems and NIST 800-171 Laura Raderman (Jan 28)
- Re: student systems and NIST 800-171 Colin Glover (Jan 28)
- Re: student systems and NIST 800-171 Schornstein, Matt (Jan 28)
- Re: student systems and NIST 800-171 Andrew Scheifele (Jan 28)
- Re: student systems and NIST 800-171 Ross Mukai (Jan 27)
- Re: student systems and NIST 800-171 Sam Horowitz (Jan 27)
- Re: student systems and NIST 800-171 Jarret Cummings (Jan 28)
- Message not available
- Re: student systems and NIST 800-171 Harry Hoffman (Jan 29)
- Re: student systems and NIST 800-171 Sidiqyar, Masood (Jan 29)
- Re: student systems and NIST 800-171 Boyd, Daniel (Jan 29)
- Re: student systems and NIST 800-171 Curt Kappenman (Jan 29)
- Re: student systems and NIST 800-171 Pifer, Michael (Feb 02)
- Re: student systems and NIST 800-171 Boyce-Werner, Rori (Feb 02)
- Re: student systems and NIST 800-171 Mike Nowakowski (Feb 02)
- Re: student systems and NIST 800-171 Jarret Cummings (Feb 02)
- Re: student systems and NIST 800-171 Dave Broucek (Jan 29)
- Re: student systems and NIST 800-171 Josh Boon (Jan 29)
- Re: student systems and NIST 800-171 Snider, Jodie (Jan 29)