Educause Security Discussion mailing list archives

Re: Faculty Grant Machines


From: "Harris, Michael C." <HarrisMC () HEALTH MISSOURI EDU>
Date: Fri, 8 Aug 2008 15:49:30 -0500

Please forgive my lack of knowledge in this area; grants are not
something I regularly deal with.

If it is a Federal grant, do FISMA or FIPS standards apply and need to
be followed? Even if not explicitly called out in the grant process?

From the few I have touched, encryption and data transfer standards are
called out (FIPS 140-1 or 140-2), and sometimes (rarely) electronic
signature standards come up, but what other standards are mandated,
required vs. suggested, or just good practice?

Does the grant explicitly need to call out the best practice framework
required? Or is there some implication that you must follow FISMA, FIPS,
NIST...

Mike 

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Cal Frye
Sent: Thursday, August 07, 2008 9:55 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Faculty Grant Machines

Zach Jansen wrote:
> I'm wondering how other schools handle computers purchased by faculty
> using grant money. Do you require that those machines be managed by
> your security software such as AV, patch management, etc? Do you
> segregate those from the rest of the network and leave them alone? Or
> do you let faculty do whatever they wish to do with the machines?
> Does anyone know what the institution's responsibility is in the event
> of a breach of confidential information on grant purchased research
> machines? Any sage advice or information is appreciated.

Most of the normal cases have already been discussed, but we do have
some systems that are part of instruments where the instrument vendor
claims they cannot be patched or altered. Those we either keep entirely
off the network or severely restrict network access through firewall
rules, granting them access to printing only, for example. We've gotten
little feedback, especially as we can cite past examples of bad
behaviour ;-)

--
Regards,
-- Cal Frye, Network Administrator, Oberlin College

    www.calfrye.com,  www.pitalabs.com


"Seen it all, done it all, can't remember most of it."
