Educause Security Discussion mailing list archives
Re: Veterans Affairs Data Handling
From: "St Clair, Jim" <Jim.StClair () GT COM>
Date: Mon, 9 Jul 2007 10:18:36 -0400
If your application needs to be "certified", you need to complete the Certification and Accreditation (C&A) process in NIST Special Publication 800-37. This includes the selection and documentation of controls under 800-53.

James A.St.Clair, CISM
Sr. Manager
Global Public Sector
Grant Thornton LLP
(703) 637-3078 (office)
(703) 727-6332 (mobile)
(703) 837-4455 (fax)

________________________________
From: Schmidt, Eric W [mailto:erschmid () IUPUI EDU]
Sent: Monday, July 09, 2007 9:50 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: Veterans Affairs Data Handling

We're dealing with a similar issue regarding VA research data and "certifying" applications that handle that data. I was informed by the ISO at our VA center that NIST 800-53 is the security document we need to follow for "certifying" these applications. My problem is I need a checklist the VA would use for this process and the NIST document doesn't provide this.

__________________________
Eric W. Schmidt, CISSP, CISM
Chief Security Officer
Indiana University School of Medicine

________________________________
From: Chris Green
Sent: Fri 7/6/2007 4:56 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Veterans Affairs Data Handling

Good day,

Does anyone have a pointer to current VA regulations regarding handling research data? Searching their site reveals portions here and there but not a decent set of regulations. Closest I can find is

http://209.85.165.104/search?q=cache:TFF_RSNHFcMJ:www.warms.vba.va.gov/admin20/directve/va/6504.doc+VA+Directive+6504&hl=en&ct=clnk&cd=1&gl=us&client=firefox-a

but the source document is no longer there which makes me wonder if it has been obsoleted by another document.

Thanks,
Chris

--
Chris Green
UAB Data Security, 205-975-0842
Current thread:
- Veterans Affairs Data Handling Chris Green (Jul 06)
- <Possible follow-ups>
- Re: Veterans Affairs Data Handling Valdis Kletnieks (Jul 06)
- Re: Veterans Affairs Data Handling Schmidt, Eric W (Jul 09)
- Re: Veterans Affairs Data Handling St Clair, Jim (Jul 09)