Educause Security Discussion mailing list archives
UPDATE FOR RESEARCH INSTITUTIONS RE: 800-171B (Draft) comment period closes on 7/19
From: Jarret Cummings <jcummings () EDUCAUSE EDU>
Date: Mon, 29 Jul 2019 15:34:44 +0000
Hi, All - For those of you at AAU institutions, AAU issued an action alert late last week to their members' senior research officers with copy to their institutional federal relations directors highlighting concerns about NIST SP 800-171B and encouraging feedback, both to AAU for consideration in relation to the association comments on which we're working as well as to NIST via direct institutional submissions on the request for comments. (https://csrc.nist.gov/publications/detail/sp/800-171b/draft) We worked with AAU<http://www.aau.edu/>, APLU<http://www.aplu.org/>, and COGR<http://www.cogr.edu/> to submit a letter asking NIST to extend the formal comment deadline again from Aug. 2 to mid-September, but NIST declined our request. They did note, however, that they will accept comments on publications like SP 800-171B at any time, so you may want to consider that if and when you reach out to sponsored research, or if and when sponsored research reaches out to you, about a possible institutional response. With NIST acknowledging that Aug. 2nd may be the deadline for the advertised comment period, but that it doesn't foreclose commenting altogether, you may want to see what the association submission looks like on Friday (and with the lack of time, we'll probably be pushing the deadline) and then consider at that point whether a possible institutional submission would add more grist to the mill or amplify what's there. In the meantime, we at EDUCAUSE will share what we can when we can. - Jarret _______________________________________________ Jarret S. Cummings Senior Advisor, Policy and Government Relations EDUCAUSE Uncommon Thinking for the Common Good direct: 202.331.5372 | educause.edu<http://www.educause.edu/> From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Brian Kelly Sent: Monday, July 8, 2019 10:57 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] 800-171B (Draft) comment period closes on 7/19 Good morning, The comment period for SP 800-171B closes on the 19th. The enhanced security requirements found in 800-171B apply only to components of nonfederal systems that process, store, or transmit CUI or that provide protection for such components when the designated CUI is contained in a critical program or high value asset (HVA). The enhanced security requirements are only applicable for a nonfederal system or organization when mandated by a federal agency in a contract, grant, or other agreement. I'm interested in learning your thoughts on impact and scope... - Are your currently working with Critical Program or HVA data? - Is the cost analysis document directly relatable to higher ed institutions ( attached)? Please feel free to email me directly if you're not comfortable responding via listserv https://csrc.nist.gov/publications/detail/sp/800-171b/draft<https://nam03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcsrc.nist.gov%2Fpublications%2Fdetail%2Fsp%2F800-171b%2Fdraft&data=02%7C01%7C%7C4fa266464781414f39f508d703b4afb8%7Cdd4b037fe626495db0170cc0f7dddb37%7C0%7C0%7C636981946950660695&sdata=eslxYYyJVM%2BY2fS71MrkYQNiy5lTIsFECXFSE4V81b8%3D&reserved=0> [https://csrc.nist.gov/CSRC/media/images/CSRC-logo-open-graph.png]<https://nam03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcsrc.nist.gov%2Fpublications%2Fdetail%2Fsp%2F800-171b%2Fdraft&data=02%7C01%7C%7C4fa266464781414f39f508d703b4afb8%7Cdd4b037fe626495db0170cc0f7dddb37%7C0%7C0%7C636981946950660695&sdata=eslxYYyJVM%2BY2fS71MrkYQNiy5lTIsFECXFSE4V81b8%3D&reserved=0> SP 800-171B (DRAFT), Protecting CUI: Enhanced Security Reqs for High Value Assets - csrc.nist.gov<https://nam03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcsrc.nist.gov%2Fpublications%2Fdetail%2Fsp%2F800-171b%2Fdraft&data=02%7C01%7C%7C4fa266464781414f39f508d703b4afb8%7Cdd4b037fe626495db0170cc0f7dddb37%7C0%7C0%7C636981946950670691&sdata=HKoi8eqnNHQimNyW3Wt0UmVhEpidVNjwBfO2emiO%2FBs%3D&reserved=0> The protection of Controlled Unclassified Information (CUI) resident in nonfederal systems and organizations is of paramount importance to federal agencies and can directly impact the ability of the federal government to successfully conduct its essential missions and functions. This publication provides federal agencies with recommended enhanced security requirements for protecting the ... csrc.nist.gov Brian Kelly Director, Cybersecurity Program EDUCAUSE Uncommon Thinking for the Common Good Follow HEISC on LinkedIn<https://nam03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.linkedin.com%2Fshowcase%2Fhigher-education-information-security-council-heisc-%2F&data=02%7C01%7C%7C4fa266464781414f39f508d703b4afb8%7Cdd4b037fe626495db0170cc0f7dddb37%7C0%7C0%7C636981946950670691&sdata=i9zZul3ybQmBty73kuYYIuEFoeOwZG5vGcEQ0VkXt9M%3D&reserved=0> | Twitter: @HEISCouncil | bkelly () educause edu<mailto:bkelly () educause edu> direct: 720.406.6757 | mobile 475.449.6440 | educause.edu<http://www.educause.edu/> 1150 18th Street, NW, Suite 900 Washington, DC 20036
Current thread:
- UPDATE FOR RESEARCH INSTITUTIONS RE: 800-171B (Draft) comment period closes on 7/19 Jarret Cummings (Jul 29)