Educause Security Discussion mailing list archives
Re: CIS Controls
From: Sunil Singh <spsfirst () HOTMAIL COM>
Date: Sat, 3 Mar 2018 14:38:10 +0000
Hi Cyndie, We at Iowa State have started keeping our list of approved software. In 2017 we in IT Services started working with procurement to vet all request and renewal for software purchase. For large purchase we request our Vendor form which has the question you have asked, to be filled in, plus we look at SOC2 Type 2. As part of assessment our effort is to have "Moderate". classified data handling software to be hosted in US. This is part of our long term planning to have a Configuration Management Data Base. All request for vetting is submitted through our change Management system and recorded in Jira. Sunil Singh Director Iowa State University ________________________________ From: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> on behalf of Cyndie Holmes <cholmes () TXSTATE EDU> Sent: Thursday, March 1, 2018 4:44 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] CIS Controls Has your institution implemented the top 5 CIS Controls? if so, which ones? I'm particularly interested in Control 2 An Inventory of Software. If your institution maintains a software inventory, are you tracking whether the software is provided by an external vendor (hosted or cloud)? Thanks Cyndie Holmes Sr. IT Auditor Texas State University
Current thread:
- CIS Controls Cyndie Holmes (Mar 01)
- Re: CIS Controls Sunil Singh (Mar 03)