Educause Security Discussion mailing list archives

Re: New VA FISMA Requirements for PIs in Research Institutions


From: "Friedmann, Esther" <estherf () UMICH EDU>
Date: Tue, 13 Mar 2007 15:29:59 -0400

By the way, there is a more recent version of NIST 800-53 at

 

http://csrc.nist.gov/publications/nistpubs/800-53-Rev1/800-53-rev1-final-clean-sz.pdf

 

Esther Friedmann

University of Michigan

 

________________________________

From: Jill B Gemmill [mailto:JGemmill () UAB EDU] 
Sent: Tuesday, March 13, 2007 11:46 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] New VA FISMA Requirements for PIs in Research
Institutions

 

FISMA is a procedural framework in which NIST 800-53 Security Controls
are applied.

http://csrc.nist.gov/publications/nistpubs/800-53/SP800-53.pdf

 

UAB has done some similar assessments for NIH Human Subject Contracts -
investigators have expected us to supply some template language to plug
in to their grants, while the actual requirements call for a detailed
description of the data flow, state of information at each point in the
flow, and all applicable management, technical, and physical controls.

 

-------------------------------------
  Jill Gemmill, PhD
  University of Alabama at Birmingham | Data Security

  205-975-2850 | jgemmill () uab edu

  

 

From: Ronnie Jefferson [mailto:RONNIE.JEFFERSON () HAMPTONU EDU] 
Sent: Monday, March 12, 2007 3:48 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] New VA FISMA Requirements for PIs in Research
Institutions

 

Thanks Connie....this is very helpful!!

 

Ronnie

 

Ronnie Jefferson

Director

Data Conversion & Management Lab

Hampton University

Hampton, Va 23668

(757) 727-5928

(757) 728-6807

 

 

 

 

 


________________________________

From: Sadler, Connie [mailto:Connie_Sadler () BROWN EDU] 
Sent: Monday, March 12, 2007 4:31 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] New VA FISMA Requirements for PIs in Research
Institutions

 

 

For those of you who do research with the Veterans Administration, have
any of you been able to gather specific requirements for the very recent
requirements to comply with FISMA? As some of you may know, we have been
given requirements, and not much time to become compliant!

I have some reference documents:
http://www.research.va.gov/resources/policies/docs/PI-Certification.pdf
and http://csrc.nist.gov/policies/FISMA-final.pdf, and
http://csrc.nist.gov/publications/nistpubs/800-37/SP800-37-final.pdf.

If some of you are interested, this might be something that we could
organize an audio telecon around. 

Connie J. Sadler, CM, CISSP, CISM, GIAC GSLC
IT Security Officer, Brown University 
Campus Box 1885, Providence, RI 02912
Connie_Sadler () Brown edu, Office: 401-863-7266
PGP Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x91E38EFB
PGP Fingerprint: DA5F ED84 06D7 1635 4BC7 560D 9A07 80BA 91E3 8EFB 


