Re: Security Requirements of Federal Funding Agencies

[David C Smith <dcs44 () GEORGETOWN EDU>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Rodney, We have heard about upcoming planning on security requirements
for grants and funding, but have only had a few that had them assigned -
that I am aware of.

I believe that in most cases it will be a minimum standard that would
have been expected / recommended from an InfoSec office, such as
background checks, firewalls (more specifically, network exposure to
application required ports only), or a documented security plan, ala PCI.

Of course, I would loved to be surprised with comprehensive
requirements, and not be too happy if it went to unrealistic measures...

- -Dave

- --
David C. Smith, CISSP, CISM
University Information Security Officer, Georgetown University
http://security.georgetown.edu
202-687-7367 Office
dcs44 () georgetown edu

Jim Dillon wrote:
> Rodney,
>
> I have little to no insight into it, but we have several centers that
> supply NASA with data from satellites, generally atmospheric data and
> such.  Some are regular basis, contracted data.  During annual risk
> assessment processes the local IT staffs have indicated they must abide
> by NASA data protection standards as part of the grant.  Is this the
> type of example you are seeking?  I have no specifics, but it seems to
> meet the criteria you are interested in.
>
> Best regards,
>
> Jim
>
> *****************************************
> Jim Dillon, CISA, CISSP
> IT Audit Manager, CU Internal Audit
> jim.dillon () cusys edu
> 303-492-9734
> *****************************************
>
>
>
>
> ________________________________
>
> From: Rodney Petersen [mailto:rpetersen () EDUCAUSE EDU]
> Sent: Tuesday, August 29, 2006 9:20 AM
> To: SECURITY () LISTSERV EDUCAUSE EDU
> Subject: [SECURITY] Security Requirements of Federal Funding Agencies
>
>
>
> I am curious if anyone has been confronted with security requirements as
> a condition of Federal contracts or grants.  It has been a couple of
> years since we last discussed the topic on this list and I am eager to
> learn of any new developments.
>
> Please share with the entire list the sources for any such requirements
> and your experiences if you have developed an effective process for
> responding.  I would also be interested to learn, privately if
> necessary, any unique challenges or obstacles that you have faced at
> your particular institution.
>
> Thanks in advance.
>
> Regards,
>
> -Rodney
> --------------------------------------------------
> Rodney J. Petersen
> Policy Analyst & Security Task Force Coordinator
>
> EDUCAUSE
> 1150 18th Street, N.W., Suite 1010
> Washington, D.C.  20036
> (202) 331-5368 / (202) 872-4200
> (202) 872-4318 (FAX)
> EDUCAUSE/Internet2 Security Task Force
> www.educause.edu/security <http://www.educause.edu/security>
> --------------------------------------------------

1

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFE9GN482y8mrTDgSARAj1NAKC0EKjzmXOTNSoIXgfVMfU/PtL3YgCfdtmS
BYB49nTM+7wsXUzB7nzZ8ds=
=nB5U
-----END PGP SIGNATURE-----