Re: CUI network Policies and Procedures

["Starzynski Coddens, Amy Catherine" <astarzyn () REN-ISAC NET>]

Hi Jonathan,

REN-ISAC has a CMMC list & a Slack channel that are both open to anybody with a .edu email address. They are pretty 
quiet right now, but information is passed along as it becomes public.  

 

To join the list, all you need to do is send an add request to cmmc-join () lists ren-isac net. 

 

The Slack channel can be joined by clicking this Inspector Gadget link, which will expire in 7 days: 
https://join.slack.com/share/zt-jbor9ja8-qUlE73HipAXJDB0TZK4~xw

 

If there are any questions, please feel free to contact me. 

 

Best,

Amy

 

Amy Starzynski Coddens

Information Services Security Analyst

Phone: 812.856.7739

www.ren-isac.net

 

 

From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> on behalf of "Kimmitt, 
Jonathan" <jonathan-kimmitt () UTULSA EDU>
Reply-To: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU>
Date: Friday, November 6, 2020 at 3:02 PM
To: <SECURITY () LISTSERV EDUCAUSE EDU>
Subject: Re: [SECURITY] CUI network Policies and Procedures

 

Thank you Randy!

 

-jonathan

 

From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of randy
Sent: Friday, November 6, 2020 1:59 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] CUI network Policies and Procedures

 

Our approach was to implement the 20 Critical Security Controls. These map to almost all of the CUI requirements except 
the physical access one. You can see the mappings between the 20 CSC and the various frameworks (800-171, 800-53a, 
etc.) by looking at the Master Mapping spreadsheet at 
https://www.auditscripts.com/free-resources/critical-security-controls/. Also, Educause has a good start at 
https://library.educause.edu/resources/2016/9/nist-sp-800-171-compliance-template.

 

-Randy Marchany

VA Tech IT Security Office and Lab

 

On Fri, Nov 6, 2020 at 1:39 PM Kimmitt, Jonathan <jonathan-kimmitt () utulsa edu> wrote:

Hi all,

 

We are looking to begin the process to implement NIST 800-171 and prepare for 800-53 (for future CMMC requirements on 
research projects)….

 

I wanted to see what other’s were looking at for CMMC and maybe talk to other .edu’s about their CUI deployment….

 

I’m happy to talk off list as well……

 

Thanks…

 

-Jonathan

 

 

 

~

Jonathan Kimmitt

Jonathan-kimmitt () utulsa edu

CISSP, FIP, CDPSE, CIPP/E, CIPM, 

CIPT, GPEN, GSNA, PCIP, CEH

Chief Information Security Officer

Information Technology

The University of Tulsa

918.631.2743

 

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community 

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community 

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community 


**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community