Educause Security Discussion mailing list archives
Re: Security Requirements of Federal Funding Agencies
From: David C Smith <dcs44 () GEORGETOWN EDU>
Date: Tue, 29 Aug 2006 11:55:36 -0400

Rodney,

We have heard about upcoming planning on security requirements for grants and funding, but have only had a few that had them assigned - that I am aware of. I believe that in most cases it will be a minimum standard that would have been expected / recommended from an InfoSec office, such as background checks, firewalls (more specifically, network exposure to application required ports only), or a documented security plan, a la PCI.

Of course, I would love to be surprised with comprehensive requirements, and not be too happy if it went to unrealistic measures...

-Dave

--
David C. Smith, CISSP, CISM
University Information Security Officer, Georgetown University
http://security.georgetown.edu
202-687-7367 Office
dcs44 () georgetown edu

Jim Dillon wrote:

Rodney,

I have little to no insight into it, but we have several centers that supply NASA with data from satellites, generally atmospheric data and such. Some are regular basis, contracted data. During annual risk assessment processes the local IT staffs have indicated they must abide by NASA data protection standards as part of the grant.

Is this the type of example you are seeking? I have no specifics, but it seems to meet the criteria you are interested in.

Best regards,

Jim

*****************************************
Jim Dillon, CISA, CISSP
IT Audit Manager, CU Internal Audit
jim.dillon () cusys edu
303-492-9734
*****************************************

________________________________

From: Rodney Petersen [mailto:rpetersen () EDUCAUSE EDU]
Sent: Tuesday, August 29, 2006 9:20 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Security Requirements of Federal Funding Agencies

I am curious if anyone has been confronted with security requirements as a condition of Federal contracts or grants. It has been a couple of years since we last discussed the topic on this list and I am eager to learn of any new developments.

Please share with the entire list the sources for any such requirements and your experiences if you have developed an effective process for responding. I would also be interested to learn, privately if necessary, any unique challenges or obstacles that you have faced at your particular institution.

Thanks in advance.

Regards,

-Rodney

--------------------------------------------------
Rodney J. Petersen
Policy Analyst & Security Task Force Coordinator
EDUCAUSE
1150 18th Street, N.W., Suite 1010
Washington, D.C. 20036
(202) 331-5368 / (202) 872-4200
(202) 872-4318 (FAX)
EDUCAUSE/Internet2 Security Task Force
www.educause.edu/security <http://www.educause.edu/security>
--------------------------------------------------

Current thread:
- Security Requirements of Federal Funding Agencies Rodney Petersen (Aug 29)
- <Possible follow-ups>
- Re: Security Requirements of Federal Funding Agencies Jim Dillon (Aug 29)
- Re: Security Requirements of Federal Funding Agencies David C Smith (Aug 29)
- Re: Security Requirements of Federal Funding Agencies Steve Brukbacher (Aug 29)
- Re: Security Requirements of Federal Funding Agencies Graham Toal (Aug 29)