Re: CUI network Policies and Procedures

["Kimmitt, Jonathan" <jonathan-kimmitt () UTULSA EDU>]

Thank you Randy!

-jonathan

From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of randy
Sent: Friday, November 6, 2020 1:59 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] CUI network Policies and Procedures

Our approach was to implement the 20 Critical Security Controls. These map to almost all of the CUI requirements except 
the physical access one. You can see the mappings between the 20 CSC and the various frameworks (800-171, 800-53a, 
etc.) by looking at the Master Mapping spreadsheet at 
https://www.auditscripts.com/free-resources/critical-security-controls/<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.auditscripts.com%2Ffree-resources%2Fcritical-security-controls%2F&data=04%7C01%7Cjonathan-kimmitt%40UTULSA.EDU%7Cfd15b0590b5344cdb5a808d8828e783a%7Cd4ff013c62b74167924f5bd93e8202d3%7C0%7C0%7C637402895704035635%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=bpkyVp%2BmpT6GYs2TuSXlifEePQV3T%2FsHaVvJoOo6%2Fvk%3D&reserved=0>.
 Also, Educause has a good start at 
https://library.educause.edu/resources/2016/9/nist-sp-800-171-compliance-template<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Flibrary.educause.edu%2Fresources%2F2016%2F9%2Fnist-sp-800-171-compliance-template&data=04%7C01%7Cjonathan-kimmitt%40UTULSA.EDU%7Cfd15b0590b5344cdb5a808d8828e783a%7Cd4ff013c62b74167924f5bd93e8202d3%7C0%7C0%7C637402895704035635%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=w9w3kHazjus8JE02yRIHTcyrTyUJqjF6BGOKgYv6z9I%3D&reserved=0>.

-Randy Marchany
VA Tech IT Security Office and Lab

On Fri, Nov 6, 2020 at 1:39 PM Kimmitt, Jonathan <jonathan-kimmitt () utulsa edu<mailto:jonathan-kimmitt () utulsa 
edu>> wrote:
Hi all,

We are looking to begin the process to implement NIST 800-171 and prepare for 800-53 (for future CMMC requirements on 
research projects)….

I wanted to see what other’s were looking at for CMMC and maybe talk to other .edu’s about their CUI deployment….

I’m happy to talk off list as well……

Thanks…

-Jonathan



~
Jonathan Kimmitt
Jonathan-kimmitt () utulsa edu<mailto:Jonathan-kimmitt () utulsa edu>
CISSP, FIP, CDPSE, CIPP/E, CIPM,
CIPT, GPEN, GSNA, PCIP, CEH
Chief Information Security Officer
Information Technology
The University of Tulsa
918.631.2743


**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=04%7C01%7Cjonathan-kimmitt%40UTULSA.EDU%7Cfd15b0590b5344cdb5a808d8828e783a%7Cd4ff013c62b74167924f5bd93e8202d3%7C0%7C0%7C637402895704035635%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=5ZbFGKRVPPOI39RkRwIVYoaTYF9ViS04bOKiVdCCtew%3D&reserved=0>

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=04%7C01%7Cjonathan-kimmitt%40UTULSA.EDU%7Cfd15b0590b5344cdb5a808d8828e783a%7Cd4ff013c62b74167924f5bd93e8202d3%7C0%7C0%7C637402895704045591%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=JvqudZnKPu4S7snvb%2FPtHcGHdlsJcWMjhbyL5EM%2BZCc%3D&reserved=0>

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community