Educause Security Discussion mailing list archives
Re: Faculty Grant Machines
From: "Harris, Michael C." <HarrisMC () HEALTH MISSOURI EDU>
Date: Fri, 8 Aug 2008 15:49:30 -0500
Please forgive my lack of knowledge in this area, grants are not something I regularly deal with. If it is a Federal grant, do FISMA or FIPS standards apply and need to be followed? Even if not explicitly called out in the grant process?
From the few I have touched encryption and data transfer standards are
called out FIPS 140-1 or 140-2 and sometimes (rarely) electronic signature standards come up, but what other standards are mandated, required vs suggested, or just good practice. Does the grant explicitly need to call out the best practice framework required? Or is there some implication that you must follow FISMA, FIPS, NIST... Mike -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Cal Frye Sent: Thursday, August 07, 2008 9:55 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Faculty Grant Machines Zach Jansen wrote:
I'm wondering how other schools handle computers purchased by faculty using grant money. Do you require that those machines be managed by your security software such as AV, patch management, etc? Do you segregate those from the rest of the network and leave them alone? Or do you let faculty do whatever they wish to do with the machines? Does anyone know what the institutions responsibility is in the event of a breach of confidential information on grant purchased research machines? Any sage advice or information is appreciated.
Most of the normal cases have already been discussed, but we do have some systems that are part of instruments where the instrument vendor claims they cannot be patched or altered. Those we either keep entirely off the network or severely restrict network access through firewall rules, granting them access to printing only, for example. We've gotten little feedback, especially as we can cite past examples of bad behaviour ;-) -- Regards, -- Cal Frye, Network Administrator, Oberlin College www.calfrye.com, www.pitalabs.com "Seen it all, done it all, can't remember most of it."
Current thread:
- Faculty Grant Machines Zach Jansen (Aug 06)
- <Possible follow-ups>
- Re: Faculty Grant Machines Sarah Stevens (Aug 06)
- Re: Faculty Grant Machines Kieper, David (Aug 06)
- Re: Faculty Grant Machines Cal Frye (Aug 07)
- Re: Faculty Grant Machines Harris, Michael C. (Aug 08)
- Re: Faculty Grant Machines Faith Mcgrath (Aug 13)