Educause Security Discussion mailing list archives
Re: DRAFT NIST 800-171 - READ THIS!
From: Valerie Vogel <vvogel () EDUCAUSE EDU>
Date: Mon, 27 Apr 2015 16:16:18 +0000
Hi Randy, EDUCAUSE submitted comments on behalf of the higher education community for the first draft of NIST 800-171 in January. Please see attached. The second draft of SP 800-171 was recently released in response to the comments that they received at the beginning of the year. We are currently reviewing the second draft with members of the HEISC Technologies, Operations, and Practices working group. EDUCAUSE is planning to submit another letter to address the most important remaining issues from the higher education perspective by the May 12 deadline. We are working with Dave Nevin (Oregon State University) and Tom Siu (Case Western Reserve University) in case you would like to speak with them further about the first round of comments or the second letter that is in development. Thank you, Valerie Valerie Vogel Program Manager EDUCAUSE Uncommon Thinking for the Common Good direct: 202.331.5374 | main: 202.872.4200 | twitter: @HEISCouncil | educause.edu<http://www.educause.edu/> From: Randy Marchany <marchany () vt edu<mailto:marchany () vt edu>> Reply-To: EDUCAUSE Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>> Date: Monday, April 27, 2015 at 8:57 AM To: EDUCAUSE Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>> Subject: [SECURITY] DRAFT NIST 800-171 - READ THIS! We were just told about a new NIST draft SP 800-171 "Protecting Controlled Unclassified Information (CUI) in Nonfederal Information Systems and Organizations". http://csrc.nist.gov/publications/drafts/800-171/sp800_171_second_draft.pdf It establishes "infosec" standards and guidelines for protecting CUI. They apply to the components of nonfederal info systems that process, store or transmit CUI. The "problem" is there is a BROAD definition of CUI that can impact how research institutions will have to deal with data in these categories. Just wondering if anyone else has looked at this draft and if they're as concerned about it. -Randy Marchany VA Tech IT Security Office and Lab
Attachment:
EDUCAUSE NIST SP 800-171 01-15-15[1].pdf
Description: EDUCAUSE NIST SP 800-171 01-15-15[1].pdf
Current thread:
- DRAFT NIST 800-171 - READ THIS! randy (Apr 27)
- Re: DRAFT NIST 800-171 - READ THIS! Valerie Vogel (Apr 27)
- Re: DRAFT NIST 800-171 - READ THIS! Valerie Vogel (May 19)
- Re: DRAFT NIST 800-171 - READ THIS! Valerie Vogel (Apr 27)