Educause Security Discussion mailing list archives
Re: NIST 800-171 Checkup & Lessons Learned
From: Jim StClair <jim.stclair@TBE.SOLUTIONS>
Date: Tue, 14 Nov 2017 12:18:54 -0600
Hi All! Just catching up on this thread. Yes, not to speak for Darren but the DFARS reg requires a System Security Plan (SSP) AND Plan of Action and Milestones (POAM) that complies with NIST 800-171, hence the two references. For my part, I have worked with a University to complete these documents based on a cloud-based enclave. I would be happy to discuss separately and not "clog" this listserv. regards, Jim St.Clair 228-273-4893 On Nov 14, 2017 8:08 AM, "Joanna Grama" <jgrama () educause edu> wrote: Hi Darren, You are referring to the end of the year DFARS compliance date for defense contracts/CUI? Thanks, Joanna *Joanna Grama, JD, CISSP, CRISC, CIPT* Director of Cybersecurity and IT GRC Programs *EDUCAUSE* *Uncommon Thinking for the Common Good* 282 Century Place, Suite 5000, Louisville, CO 80027 <https://maps.google.com/?q=282+Century+Place,+Suite+5000,+Louisville,+CO+80027&entry=gmail&source=g> direct: 720.406.6769 <(720)%20406-6769> | cell: 720.507.5983 <(720)%20507-5983> | jgrama () educause edu *Become a Member**- Everyone at your organization is an EDUCAUSE member when you join* | Access discounts, resources, and valuable peer networks | Discover membership <https://www.educause.edu/about/discover-membership> *From:* The EDUCAUSE Security Constituent Group Listserv [mailto: SECURITY () LISTSERV EDUCAUSE EDU] *On Behalf Of *Darren Yezo *Sent:* Tuesday, November 14, 2017 9:19 AM *To:* SECURITY () LISTSERV EDUCAUSE EDU *Subject:* [SECURITY] NIST 800-171 Checkup & Lessons Learned Hi all, I would love to hear how everyone is doing in regards to complying with the Dec 31st deadline for NIST 800-171 applicable networks and systems. I am particularly curious about the architectural strategies some of the smaller schools adopted and any lessons learned during your deployment that you would be willing to share. Feel free to contact me privately as well. Best Regards, Darren Yezo *Chief Information Security Officer* *Division of Information Technology* *dyezo () stevens edu <dyezo () stevens edu>* T 201 216 3944 <(201)%20216-3944> *STEVENS INSTITUTE OF TECHNOLOGY* <http://www.stevens.edu/>
Current thread:
- NIST 800-171 Checkup & Lessons Learned Darren Yezo (Nov 14)
- Re: NIST 800-171 Checkup & Lessons Learned Joanna Grama (Nov 14)
- Re: NIST 800-171 Checkup & Lessons Learned Darren Yezo (Nov 14)
- Re: NIST 800-171 Checkup & Lessons Learned Jim StClair (Nov 14)
- Re: NIST 800-171 Checkup & Lessons Learned Jarret Cummings (Nov 14)
- Re: NIST 800-171 Checkup & Lessons Learned Alfred Barker (Nov 14)
- Re: NIST 800-171 Checkup & Lessons Learned Adam Maynard (Nov 14)
- Re: NIST 800-171 Checkup & Lessons Learned Joanna Grama (Nov 14)
- Re: NIST 800-171 Checkup & Lessons Learned Alfred Barker (Nov 14)
- Re: NIST 800-171 Checkup & Lessons Learned Joanna Grama (Nov 14)
- Re: NIST 800-171 Checkup & Lessons Learned Penn, Blake C (Nov 14)