Re: CUI network Policies and Procedures

[randy <marchany () VT EDU>]

Our approach was to implement the 20 Critical Security Controls. These map
to almost all of the CUI requirements except the physical access one. You
can see the mappings between the 20 CSC and the various frameworks
(800-171, 800-53a, etc.) by looking at the Master Mapping spreadsheet at
https://www.auditscripts.com/free-resources/critical-security-controls/.
Also, Educause has a good start at
https://library.educause.edu/resources/2016/9/nist-sp-800-171-compliance-template
.

-Randy Marchany
VA Tech IT Security Office and Lab

On Fri, Nov 6, 2020 at 1:39 PM Kimmitt, Jonathan <
jonathan-kimmitt () utulsa edu> wrote:

> Hi all,
>
>
>
> We are looking to begin the process to implement NIST 800-171 and prepare
> for 800-53 (for future CMMC requirements on research projects)….
>
>
>
> I wanted to see what other’s were looking at for CMMC and maybe talk to
> other .edu’s about their CUI deployment….
>
>
>
> I’m happy to talk off list as well……
>
>
>
> Thanks…
>
>
>
> -Jonathan
>
>
>
>
>
>
>
> ~
>
> Jonathan Kimmitt
>
> Jonathan-kimmitt () utulsa edu
>
> CISSP, FIP, CDPSE, CIPP/E, CIPM,
>
> CIPT, GPEN, GSNA, PCIP, CEH
>
> Chief Information Security Officer
>
> Information Technology
>
> The University of Tulsa
>
> 918.631.2743
>
>
>
> **********
> Replies to EDUCAUSE Community Group emails are sent to the entire
> community list. If you want to reply only to the person who sent the
> message, copy and paste their email address and forward the email reply.
> Additional participation and subscription information can be found at
> https://www.educause.edu/community

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community