Re: NIST 800-171 Checkup & Lessons Learned

["Penn, Blake C" <blake.penn () SECURITY GATECH EDU>]

Darren,

We are using an assessment-centered approach rather than architectural strategies.  The architecture piece is longer 
term since after analysis we found that a one-size-fits-all approach would not meet the needs of our campus.

We have identified all contracts with the DFARS 7012 clause and visited these labs, performed gap assessments, and 
assisted the PI and their IT staff in creating an SSP that addresses all the NIST 800-171 requirements.  I'd be glad to 
discuss in more detail if that would be helpful.

Regards,

Blake Penn
Information Security Policy and Compliance Manager
Cyber Security
Georgia Institute of Technology
(404) 385-5480

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Darren 
Yezo
Sent: Tuesday, November 14, 2017 09:19
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] NIST 800-171 Checkup & Lessons Learned

Hi all,

I would love to hear how everyone is doing in regards to complying with the Dec 31st deadline for NIST 800-171 
applicable networks and systems.  I am particularly curious about the architectural strategies some of the smaller 
schools adopted and any lessons learned during your deployment that you would be willing to share. Feel free to contact 
me privately as well.

Best Regards,
Darren Yezo

Chief Information Security Officer
Division of Information Technology
dyezo () stevens edu<mailto:dyezo () stevens edu>
T 201 216 3944
STEVENS INSTITUTE OF TECHNOLOGY<http://www.stevens.edu/>