Educause Security Discussion mailing list archives
Re: NIST 800-171 Checkup & Lessons Learned
From: Joanna Grama <jgrama () EDUCAUSE EDU>
Date: Tue, 14 Nov 2017 15:54:21 +0000
Hi Adam, That is my understanding as well. Thank you for sharing. Kind regards, Joanna Joanna Grama, JD, CISSP, CRISC, CIPT Director of Cybersecurity and IT GRC Programs EDUCAUSE Uncommon Thinking for the Common Good 282 Century Place, Suite 5000, Louisville, CO 80027 direct: 720.406.6769 | cell: 720.507.5983 | jgrama () educause edu<mailto:jgrama () educause edu> Become a Member- Everyone at your organization is an EDUCAUSE member when you join | Access discounts, resources, and valuable peer networks | Discover membership<https://www.educause.edu/about/discover-membership> From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Adam Maynard Sent: Tuesday, November 14, 2017 10:44 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] NIST 800-171 Checkup & Lessons Learned The GLBA for FSA is a requirement for the FY18 audit process. NIST 800-171 is separate from that, but recommended by the DoE. https://ifap.ed.gov/eannouncements/Cyber.html NIST 800-171 is for "Controlled Unclassified Information" that comes from the Fed and not already covered by something else, like FISMA. It should be spelled out in any govt contract or grant agreement when it's renewed/updated in 2018. -Adam From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Alfred Barker Sent: Tuesday, November 14, 2017 10:27 To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU> Subject: Re: [SECURITY] NIST 800-171 Checkup & Lessons Learned I may be reading into this, Department of Education has stated beginning January 1st 2018, all Federal Student Aid systems must show GLBA safeguard rules compliance, and that compliance must be demonstrated using NIST 800-171. From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Jarret Cummings Sent: Tuesday, November 14, 2017 10:09 AM To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU> Subject: Re: [SECURITY] NIST 800-171 Checkup & Lessons Learned Hi, Darren - Just for clarification, are you referring to the DOD's application of 800-171 to defense contracts via DFARS? I'm not familiar with any deadline related to 800-171 other than for defense contracts, so I wanted to make sure I was following you correctly. Thanks! - Jarret _______________________________________________ Jarret S. Cummings Director of Policy and Government Relations EDUCAUSE Uncommon Thinking for the Common Good direct: 202.331.5372 | main: 202.872.4200 | educause.edu<http://www.educause.edu/> From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Darren Yezo Sent: Tuesday, November 14, 2017 7:19 AM To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU> Subject: [SECURITY] NIST 800-171 Checkup & Lessons Learned Hi all, I would love to hear how everyone is doing in regards to complying with the Dec 31st deadline for NIST 800-171 applicable networks and systems. I am particularly curious about the architectural strategies some of the smaller schools adopted and any lessons learned during your deployment that you would be willing to share. Feel free to contact me privately as well. Best Regards, Darren Yezo Chief Information Security Officer Division of Information Technology dyezo () stevens edu<mailto:dyezo () stevens edu> T 201 216 3944 STEVENS INSTITUTE OF TECHNOLOGY<http://www.stevens.edu/>
Current thread:
- NIST 800-171 Checkup & Lessons Learned Darren Yezo (Nov 14)
- Re: NIST 800-171 Checkup & Lessons Learned Joanna Grama (Nov 14)
- Re: NIST 800-171 Checkup & Lessons Learned Darren Yezo (Nov 14)
- Re: NIST 800-171 Checkup & Lessons Learned Jim StClair (Nov 14)
- Re: NIST 800-171 Checkup & Lessons Learned Jarret Cummings (Nov 14)
- Re: NIST 800-171 Checkup & Lessons Learned Alfred Barker (Nov 14)
- Re: NIST 800-171 Checkup & Lessons Learned Adam Maynard (Nov 14)
- Re: NIST 800-171 Checkup & Lessons Learned Joanna Grama (Nov 14)
- Re: NIST 800-171 Checkup & Lessons Learned Alfred Barker (Nov 14)
- Re: NIST 800-171 Checkup & Lessons Learned Joanna Grama (Nov 14)
- Re: NIST 800-171 Checkup & Lessons Learned Penn, Blake C (Nov 14)