Educause Security Discussion mailing list archives

Re: student systems and NIST 800-171


From: Laura Raderman <lraderman () CMU EDU>
Date: Thu, 28 Jan 2021 16:38:37 +0000

Not related to financial aid systems, but the DoD has created a self-assessment scoring system for themselves on 
800-171, and NIST provides 800-171a; they are a starting point.

https://www.acq.osd.mil/dpap/pdi/cyber/docs/NIST%20SP%20800-171%20Assessment%20Methodology%20Version%201.2%20%206.24.2020.pdf

https://csrc.nist.gov/publications/detail/sp/800-171a/final


Laura Raderman
ISO Policy & Compliance Coordinator
Carnegie Mellon University
lraderman () cmu edu

On Jan 28, 2021, at 11:35 AM, Fugett, Julie C <jcf () ku edu> wrote:

Is anyone aware of templates, checklists, or other guidance around performing this self-assessment? I just watched 
Mia Jordan’s talk from the 2020 Virtual FSA training conference and while the talk was informative, she didn’t 
provide any resources or a timeline for the self-assessment process. I’m reaching out to the contact email in the 
slides, but I’m wondering if I’ve missed something somewhere along the way.
 
______________________________________
Julie C. Fugett, CISSP
Chief Information Security Officer
KU Information Technology
The University of Kansas
Email jcf () ku edu
Mobile +1 785 691 9023
Office +1 785 864 0490
She/Her/Hers
 
 
 
From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Ross Mukai
Sent: Wednesday, January 27, 2021 6:10 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] student systems and NIST 800-171
 
Some slides from the 2020 student aid conference describing a compliance framework for GLBA + CUI.
The bullet points on the near-term plan on pg 18 include the 12/18/20 letter and self-assessments.
https://fsaconferences.ed.gov/conferences/library/2020/2020FSAConfSessionBO15.pdf
 
On Wed, Jan 27, 2021 at 2:01 PM Sam Horowitz <samh () ucsb edu> wrote:
https://ifap.ed.gov/electronic-announcements/121820CybersecurityProtectStudentInfoComplianceCUInGLBA
 
-------------------------------------------
Sam Horowitz, CISSP, CISM
Chief Information Security Officer
he/him/his
Office: (805) 893-5005 
Email: samh () ucsb edu
 
 
On Wed, Jan 27, 2021 at 3:38 PM Alex Jalso <ACJalso () mail wvu edu> wrote:
Hello Everyone, 
 
In a meeting with peer institutions it was said that at the Federal level there have been discussions that university 
student information systems must treat resident data as CUI and have their systems be compliant with NIST 800-171 or 
risk losing financial aid.  Has anyone heard something similar to this or received communications about it? 
 
Alex
 
Alex Jalso, PMP, CISM, CDPSE
Chief Information Security Officer
Information Technology Services
West Virginia University
p: 304-293-4457
 
Defend your data. ITS will NEVER ask you for your WVU Login credentials, Social Security number or credit card 
information via email. NEVER click on suspicious email links or attachments, even those that appear to be from a 
legitimate source. Hover over links to see where they really lead before clicking on them. When in doubt, contact 
DefendYourData () mail wvu edu.
 
**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community
