Re: FISMA Compliance

["Shamblin, Quinn" <qrs () BU EDU>]

We have a heavily protected VDI solution that we use for this purpose.  Mostly built on open source technologies, but 
with a few licensed items like the vulnerability management and two-factor solutions.

Quinn R Shamblin
------------------------------------------------------------------------------------------------
Executive Director of Information Security, Boston University
CISM, CISSP, GCFA, PMP  -  O 617-358-6310  M 617-999-7523


-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Jay 
Graham
Sent: Friday, September 07, 2012 4:03 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] FISMA Compliance

Hello All,

With the relativity new restrictions placed on Federal Grants and the use of Government data we are facing a large 
project to construct a "FISMA Zone" at out data center. A question came up in our weekly project meeting on what other 
schools are doing. A quick search of the web came back with some outsourcing it, some doing it themselves, and some 
offering guidance and leaving it up to the individual units to secure the data.

I wanted to ask this list what some of you folks are doing before we go down the path of constructing a zoned off area 
in our data center for this.

Thanks in advance
Jay Graham
Enterprise Architect
University of Pittsburgh