Educause Security Discussion mailing list archives
Re: CUI network Policies and Procedures
From: "Kimmitt, Jonathan" <jonathan-kimmitt () UTULSA EDU>
Date: Fri, 6 Nov 2020 20:01:56 +0000
Thank you Randy! -jonathan From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of randy Sent: Friday, November 6, 2020 1:59 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] CUI network Policies and Procedures Our approach was to implement the 20 Critical Security Controls. These map to almost all of the CUI requirements except the physical access one. You can see the mappings between the 20 CSC and the various frameworks (800-171, 800-53a, etc.) by looking at the Master Mapping spreadsheet at https://www.auditscripts.com/free-resources/critical-security-controls/<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.auditscripts.com%2Ffree-resources%2Fcritical-security-controls%2F&data=04%7C01%7Cjonathan-kimmitt%40UTULSA.EDU%7Cfd15b0590b5344cdb5a808d8828e783a%7Cd4ff013c62b74167924f5bd93e8202d3%7C0%7C0%7C637402895704035635%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=bpkyVp%2BmpT6GYs2TuSXlifEePQV3T%2FsHaVvJoOo6%2Fvk%3D&reserved=0>. Also, Educause has a good start at https://library.educause.edu/resources/2016/9/nist-sp-800-171-compliance-template<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Flibrary.educause.edu%2Fresources%2F2016%2F9%2Fnist-sp-800-171-compliance-template&data=04%7C01%7Cjonathan-kimmitt%40UTULSA.EDU%7Cfd15b0590b5344cdb5a808d8828e783a%7Cd4ff013c62b74167924f5bd93e8202d3%7C0%7C0%7C637402895704035635%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=w9w3kHazjus8JE02yRIHTcyrTyUJqjF6BGOKgYv6z9I%3D&reserved=0>. -Randy Marchany VA Tech IT Security Office and Lab On Fri, Nov 6, 2020 at 1:39 PM Kimmitt, Jonathan <jonathan-kimmitt () utulsa edu<mailto:jonathan-kimmitt () utulsa edu>> wrote: Hi all, We are looking to begin the process to implement NIST 800-171 and prepare for 800-53 (for future CMMC requirements on research projects)…. I wanted to see what other’s were looking at for CMMC and maybe talk to other .edu’s about their CUI deployment…. I’m happy to talk off list as well…… Thanks… -Jonathan ~ Jonathan Kimmitt Jonathan-kimmitt () utulsa edu<mailto:Jonathan-kimmitt () utulsa edu> CISSP, FIP, CDPSE, CIPP/E, CIPM, CIPT, GPEN, GSNA, PCIP, CEH Chief Information Security Officer Information Technology The University of Tulsa 918.631.2743 ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=04%7C01%7Cjonathan-kimmitt%40UTULSA.EDU%7Cfd15b0590b5344cdb5a808d8828e783a%7Cd4ff013c62b74167924f5bd93e8202d3%7C0%7C0%7C637402895704035635%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=5ZbFGKRVPPOI39RkRwIVYoaTYF9ViS04bOKiVdCCtew%3D&reserved=0> ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=04%7C01%7Cjonathan-kimmitt%40UTULSA.EDU%7Cfd15b0590b5344cdb5a808d8828e783a%7Cd4ff013c62b74167924f5bd93e8202d3%7C0%7C0%7C637402895704045591%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=JvqudZnKPu4S7snvb%2FPtHcGHdlsJcWMjhbyL5EM%2BZCc%3D&reserved=0> ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
Current thread:
- CUI network Policies and Procedures Kimmitt, Jonathan (Nov 06)
- Re: CUI network Policies and Procedures randy (Nov 06)
- Re: CUI network Policies and Procedures Kimmitt, Jonathan (Nov 06)
- Re: CUI network Policies and Procedures Nathan Phillips (Nov 06)
- Re: CUI network Policies and Procedures Mark Reboli (Nov 06)
- Re: CUI network Policies and Procedures Starzynski Coddens, Amy Catherine (Nov 10)
- Re: CUI network Policies and Procedures Kimmitt, Jonathan (Nov 10)
- Re: CUI network Policies and Procedures Kimmitt, Jonathan (Nov 06)
- Re: CUI network Policies and Procedures randy (Nov 06)
- <Possible follow-ups>
- Re: CUI network Policies and Procedures Jennifer Minella (Nov 09)