Re: [External] Re: [SECURITY] student systems and NIST 800-171

["Coleman, Susan Elizabeth" <colemans () IU EDU>]

Good Afternoon,

For those seeking an outside perspective, REN-ISAC’s Peer Assessment Service offers NIST 800-171 Compliance reviews.

I would be happy to answer any questions you have about the program and can be reached at peer () ren-isac net.

Sincerely,

Susan



Sent from my iPhone

On Jan 28, 2021, at 12:17 PM, Dennis Bolton <bolton () oakland edu> wrote:


This message was sent from a non-IU address. Please exercise caution when clicking links or opening attachments from 
external sources.

Yes, we started doing this a few years ago.  I can't recall the specific driver (e.g. announcement or publication) but 
I think the general goal was to be prepared if the guidance \ language become more direct.

I know the great folks at BYU have made some amazing GoogleSheets to facilitate reviews.  I believe they have currently 
NIST 800-171 and CMMC templates up for general use by other educational institutions.

Dennis Bolton
Information Security Officer
Oakland University
Dodge Hall Rm 220
118 Library Drive
Rochester, MI 48309-4401
248-370-4803


On Wed, Jan 27, 2021 at 6:38 PM Alex Jalso <ACJalso () mail wvu edu<mailto:ACJalso () mail wvu edu>> wrote:
Hello Everyone,

In a meeting with peer institutions it was said that at the Federal level there’s been discussions that university 
student information systems must treat resident data as CUI and have their systems be compliant with NIST 800-171 or 
risk losing financial aid.  Has anyone heard something similar to this or received communications about it?

Alex

Alex Jalso, PMP, CISM, CDPSE
Chief Information Security Officer
Information Technology Services
West Virginia University
p: 304-293-4457

Defend your data. ITS will NEVER ask you for your WVU Login credentials, Social Security number or credit card 
information via email. NEVER click on suspicious email links or attachments, even those that appear to be from a 
legitimate source. Hover over links to see where they really lead before clicking on them. When in doubt, contact 
DefendYourData () mail wvu edu<mailto:DefendYourData () mail wvu edu>.


**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community