Re: CUI network Policies and Procedures

["Kimmitt, Jonathan" <jonathan-kimmitt () UTULSA EDU>]

Thank you Amy!

-Jonathan


From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Starzynski 
Coddens, Amy Catherine
Sent: Tuesday, November 10, 2020 9:06 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] CUI network Policies and Procedures

Hi Jonathan,
REN-ISAC has a CMMC list & a Slack channel that are both open to anybody with a .edu email address. They are pretty 
quiet right now, but information is passed along as it becomes public.

To join the list, all you need to do is send an add request to cmmc-join () lists ren-isac net<mailto:cmmc-join () 
lists ren-isac net>.

The Slack channel can be joined by clicking this Inspector Gadget link, which will expire in 7 days: 
https://join.slack.com/share/zt-jbor9ja8-qUlE73HipAXJDB0TZK4~xw<https://nam04.safelinks.protection.outlook.com/?url=https:%2F%2Fjoin.slack.com%2Fshare%2Fzt-jbor9ja8-qUlE73HipAXJDB0TZK4~xw&data=04%7C01%7Cjonathan-kimmitt%40UTULSA.EDU%7C0d7052cd71b344c2e1a808d8858a1426%7Cd4ff013c62b74167924f5bd93e8202d3%7C0%7C1%7C637406175408907193%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=9XetBdqiycrTeW1SkTux%2BI%2FfiBAwot8VtSRjJ5lDPu0%3D&reserved=0>

If there are any questions, please feel free to contact me.

Best,
Amy

Amy Starzynski Coddens
Information Services Security Analyst
Phone: 812.856.7739
www.ren-isac.net<https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.ren-isac.net%2F&data=04%7C01%7Cjonathan-kimmitt%40UTULSA.EDU%7C0d7052cd71b344c2e1a808d8858a1426%7Cd4ff013c62b74167924f5bd93e8202d3%7C0%7C1%7C637406175408907193%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=Musv3n0Pov8LjrftgKj07a%2FTLi%2FiPeU56EJu31H0xE8%3D&reserved=0>

[signature_910343208]

From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV 
EDUCAUSE EDU>> on behalf of "Kimmitt, Jonathan" <jonathan-kimmitt () UTULSA EDU<mailto:jonathan-kimmitt () UTULSA EDU>>
Reply-To: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV 
EDUCAUSE EDU>>
Date: Friday, November 6, 2020 at 3:02 PM
To: <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>>
Subject: Re: [SECURITY] CUI network Policies and Procedures

Thank you Randy!

-jonathan

From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV 
EDUCAUSE EDU>> On Behalf Of randy
Sent: Friday, November 6, 2020 1:59 PM
To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>
Subject: Re: [SECURITY] CUI network Policies and Procedures

Our approach was to implement the 20 Critical Security Controls. These map to almost all of the CUI requirements except 
the physical access one. You can see the mappings between the 20 CSC and the various frameworks (800-171, 800-53a, 
etc.) by looking at the Master Mapping spreadsheet at 
https://www.auditscripts.com/free-resources/critical-security-controls/<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.auditscripts.com%2Ffree-resources%2Fcritical-security-controls%2F&data=04%7C01%7Cjonathan-kimmitt%40UTULSA.EDU%7C0d7052cd71b344c2e1a808d8858a1426%7Cd4ff013c62b74167924f5bd93e8202d3%7C0%7C1%7C637406175408917149%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=wNM6k%2B2U71GuqZekL6P9R1AFEOru1qceVVQ9fsdAI7w%3D&reserved=0>.
 Also, Educause has a good start at 
https://library.educause.edu/resources/2016/9/nist-sp-800-171-compliance-template<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Flibrary.educause.edu%2Fresources%2F2016%2F9%2Fnist-sp-800-171-compliance-template&data=04%7C01%7Cjonathan-kimmitt%40UTULSA.EDU%7C0d7052cd71b344c2e1a808d8858a1426%7Cd4ff013c62b74167924f5bd93e8202d3%7C0%7C1%7C637406175408917149%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=G4adhl%2FL8tJokl7CSNbRzOlUwdGlDCENPhJtIGEc67s%3D&reserved=0>.

-Randy Marchany
VA Tech IT Security Office and Lab

On Fri, Nov 6, 2020 at 1:39 PM Kimmitt, Jonathan <jonathan-kimmitt () utulsa edu<mailto:jonathan-kimmitt () utulsa 
edu>> wrote:
Hi all,

We are looking to begin the process to implement NIST 800-171 and prepare for 800-53 (for future CMMC requirements on 
research projects)….

I wanted to see what other’s were looking at for CMMC and maybe talk to other .edu’s about their CUI deployment….

I’m happy to talk off list as well……

Thanks…

-Jonathan



~
Jonathan Kimmitt
Jonathan-kimmitt () utulsa edu<mailto:Jonathan-kimmitt () utulsa edu>
CISSP, FIP, CDPSE, CIPP/E, CIPM,
CIPT, GPEN, GSNA, PCIP, CEH
Chief Information Security Officer
Information Technology
The University of Tulsa
918.631.2743


**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=04%7C01%7Cjonathan-kimmitt%40UTULSA.EDU%7C0d7052cd71b344c2e1a808d8858a1426%7Cd4ff013c62b74167924f5bd93e8202d3%7C0%7C1%7C637406175408927098%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=qydqEnU8ERlPHLlAIQk7XVk7F0Qxakxu0CVr1Xb%2Bgak%3D&reserved=0>

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=04%7C01%7Cjonathan-kimmitt%40UTULSA.EDU%7C0d7052cd71b344c2e1a808d8858a1426%7Cd4ff013c62b74167924f5bd93e8202d3%7C0%7C1%7C637406175408927098%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=qydqEnU8ERlPHLlAIQk7XVk7F0Qxakxu0CVr1Xb%2Bgak%3D&reserved=0>

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=04%7C01%7Cjonathan-kimmitt%40UTULSA.EDU%7C0d7052cd71b344c2e1a808d8858a1426%7Cd4ff013c62b74167924f5bd93e8202d3%7C0%7C1%7C637406175408937052%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=FTlnQnG%2Fp1prlxrzUWG4xSoWg47JviHWJ9tg4mRCFfc%3D&reserved=0>

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=04%7C01%7Cjonathan-kimmitt%40UTULSA.EDU%7C0d7052cd71b344c2e1a808d8858a1426%7Cd4ff013c62b74167924f5bd93e8202d3%7C0%7C1%7C637406175408937052%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=FTlnQnG%2Fp1prlxrzUWG4xSoWg47JviHWJ9tg4mRCFfc%3D&reserved=0>

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community