Re: [EXTERNAL] Re: [SECURITY] student systems and NIST 800-171

[Mark Purcell <purcell () LASALLE EDU>]

I would also be interested.

From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Hart, Michael
Sent: Friday, January 29, 2021 12:09 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] [EXTERNAL] Re: [SECURITY] student systems and NIST 800-171


External Email: Use caution and do not click links or open attachments from unknown senders.
Count me in also.


Mike Hart  | CISO, Director of ITS Security and Asset Management
Metropolitan State University of Denver
Information Technology Services
Campus Box 96, P.O. Box 173362, Denver, CO 80217-3362
Admin Building - 1201 5th Street 480Z1  Denver, CO 80204
303-615-0541 (Office)
303-352-7548 (Help Desk)
mhart20 () msudenver edu<mailto:mhart20 () msudenver edu> | 
www.msudenver.edu/technology<https://nam10.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.msudenver.edu%2Ftechnology&data=04%7C01%7C%7C5148f2ba5fec46926e2e08d8c47897f5%7C1036f37b0d59489ca8801a6aebd2bd07%7C0%7C0%7C637475369533339700%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=rdEwHWBTwXeOGvjk5nHCFkuFDb0iCo%2FaIZJUosiN4ec%3D&reserved=0>



From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV 
EDUCAUSE EDU>> On Behalf Of Jeremy Livingston
Sent: Friday, January 29, 2021 9:58 AM
To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>
Subject: [EXTERNAL] Re: [SECURITY] student systems and NIST 800-171

NOTICE: This email originated from outside the University. Please exercise caution when replying or opening links and 
attachments.

I'd be interested as well.



Thanks,

Jeremy M. Livingston
Chief Information Security Officer
M 973-985-4996
STEVENS INSTITUTE OF 
TECHNOLOGY<https://nam10.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.stevens.edu%2F&data=04%7C01%7C%7C5148f2ba5fec46926e2e08d8c47897f5%7C1036f37b0d59489ca8801a6aebd2bd07%7C0%7C0%7C637475369533349695%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=64Vt0wpG6%2FRTpS%2BLvrS6gMjpejpPL3XDfKOx1xhlquE%3D&reserved=0>
facebook<https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.facebook.com%2FStevens1870&data=04%7C01%7C%7C5148f2ba5fec46926e2e08d8c47897f5%7C1036f37b0d59489ca8801a6aebd2bd07%7C0%7C0%7C637475369533359694%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=1mx5F2ItYHiE2CJ6AbJHxbTdeVgfXAS2QXCsNlVwBYY%3D&reserved=0>
  *  
twitter<https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftwitter.com%2FFollowStevens&data=04%7C01%7C%7C5148f2ba5fec46926e2e08d8c47897f5%7C1036f37b0d59489ca8801a6aebd2bd07%7C0%7C0%7C637475369533359694%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=31GUPEg7pg5DEzzVr5FRpDHxBuS9Q7JFONk4SYhOx%2BE%3D&reserved=0>
  *  
news<https://nam10.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.stevens.edu%2Fnews%2F&data=04%7C01%7C%7C5148f2ba5fec46926e2e08d8c47897f5%7C1036f37b0d59489ca8801a6aebd2bd07%7C0%7C0%7C637475369533369686%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=q%2BYZxUtCjcfzpSymQNZaAblOg0SvmWrSZoBbYVU5x3g%3D&reserved=0>
  *  
youtube<https://nam10.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.youtube.com%2Fuser%2FEdwinAStevens70&data=04%7C01%7C%7C5148f2ba5fec46926e2e08d8c47897f5%7C1036f37b0d59489ca8801a6aebd2bd07%7C0%7C0%7C637475369533369686%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=bGgEIMb9RP80QAy12KFitoT19HEICYPfRoo1Pj7tGTw%3D&reserved=0>


Report Phishing
To report phishing, please forward your email as
an attachment to phishing @stevens.edu. Please
click 
here<https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsit.teamdynamix.com%2FTDClient%2FKB%2FArticleDet%3FID%3D46729&data=04%7C01%7C%7C5148f2ba5fec46926e2e08d8c47897f5%7C1036f37b0d59489ca8801a6aebd2bd07%7C0%7C0%7C637475369533379681%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=Hb2T1pWFnI2CAGu%2Ffu2e2rFz1ivtyQM1X0y2kT2YeeU%3D&reserved=0>
 for forwarding instructions.

From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV 
EDUCAUSE EDU>> On Behalf Of Fugett, Julie C
Sent: Friday, January 29, 2021 11:55 AM
To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>
Subject: Re: [SECURITY] student systems and NIST 800-171

Please add my name to the working group list as well.

From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV 
EDUCAUSE EDU>> On Behalf Of Dave Broucek
Sent: Friday, January 29, 2021 10:49 AM
To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>
Subject: Re: [SECURITY] student systems and NIST 800-171

I would be interested in a working group

Regards,
Dave Broucek

From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV 
EDUCAUSE EDU>> On Behalf Of Sidiqyar, Masood
Sent: Friday, January 29, 2021 9:41 AM
To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>
Subject: Re: [SECURITY] student systems and NIST 800-171

External Email.

We are also looking into this very closely, knowing the need for cybersecurity related to student financial data will 
only increase and come from multiple directions. In addition to the federal lense, the state of TN now 'requires' 
FedRamp or ISO27001 certification before they provide the necessary information in support of processing lottery 
scholarships. The folks we've talked to at the state consider 800-171 a very low bar! I support forming an 
interest/working group.

Best,
Masood

From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV 
EDUCAUSE EDU>> On Behalf Of Harry Hoffman
Sent: Friday, January 29, 2021 7:43 AM
To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>
Subject: Re: [SECURITY] student systems and NIST 800-171


[WARNING: This email originated from outside of Vanderbilt University. Please treat this message with additional 
caution.]
We're just starting to look into this among a broader effort around compliance. I'd be interested in what other are 
doing or forming an interest/working group if there's enough folks keen to do so.

Cheers,
Harry


On Thu, Jan 28, 2021 at 11:35 AM Fugett, Julie C <jcf () ku edu<mailto:jcf () ku edu>> wrote:
Is anyone aware of templates, checklists, or other guidance around performing this self-assessment? I just watched Mia 
Jordan's talk from the 2020 Virtual FSA training conference and while the talk was informative, she didn't provide any 
resources or a timeline for the self-assessment process. I'm reaching out to the contact email in the slides, but I'm 
wondering if I've missed something somewhere along the way.

______________________________________
Julie C. Fugett, CISSP
Chief Information Security Officer
KU Information Technology
The University of Kansas
Email jcf () ku edu<mailto:jcf () ku edu>
Mobile +1 785 691 9023
Office +1 785 864 0490
She/Her/Hers



From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV 
EDUCAUSE EDU>> On Behalf Of Ross Mukai
Sent: Wednesday, January 27, 2021 6:10 PM
To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>
Subject: Re: [SECURITY] student systems and NIST 800-171

Some slides from the 2020 student aid conference describing a compliance framework for glba + CUI
The bullet points on the near-term plan on pg 18 include the 12/18/20 letter and self-assessments
https://fsaconferences.ed.gov/conferences/library/2020/2020FSAConfSessionBO15.pdf<https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Ffsaconferences.ed.gov%2Fconferences%2Flibrary%2F2020%2F2020FSAConfSessionBO15.pdf&data=04%7C01%7C%7C5148f2ba5fec46926e2e08d8c47897f5%7C1036f37b0d59489ca8801a6aebd2bd07%7C0%7C0%7C637475369533379681%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=lEJsWVTpmeeC8pCn5KuVPWlCQ2EwurFHC%2FoA3mampkY%3D&reserved=0>

On Wed, Jan 27, 2021 at 2:01 PM Sam Horowitz <samh () ucsb edu<mailto:samh () ucsb edu>> wrote:
https://ifap.ed.gov/electronic-announcements/121820CybersecurityProtectStudentInfoComplianceCUInGLBA<https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fifap.ed.gov%2Felectronic-announcements%2F121820CybersecurityProtectStudentInfoComplianceCUInGLBA&data=04%7C01%7C%7C5148f2ba5fec46926e2e08d8c47897f5%7C1036f37b0d59489ca8801a6aebd2bd07%7C0%7C0%7C637475369533389673%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=J1DOyj4oxZFa1Xj2D6z%2FfwMrnfkwK70FYTIzRBq2KT0%3D&reserved=0>

-------------------------------------------
Sam Horowitz, CISSP, CISM
Chief Information Security Officer
he/him/his
Office: (805) 893-5005
Email: samh () ucsb edu<mailto:samh () ucsb edu>


On Wed, Jan 27, 2021 at 3:38 PM Alex Jalso <ACJalso () mail wvu edu<mailto:ACJalso () mail wvu edu>> wrote:
Hello Everyone,

In a meeting with peer institutions it was said that at the Federal level there's been discussions that university 
student information systems must treat resident data as CUI and have their systems be compliant with NIST 800-171 or 
risk losing financial aid.  Has anyone heard something similar to this or received communications about it?

Alex

Alex Jalso, PMP, CISM, CDPSE
Chief Information Security Officer
Information Technology Services
West Virginia University
p: 304-293-4457

Defend your data. ITS will NEVER ask you for your WVU Login credentials, Social Security number or credit card 
information via email. NEVER click on suspicious email links or attachments, even those that appear to be from a 
legitimate source. Hover over links to see where they really lead before clicking on them. When in doubt, contact 
DefendYourData () mail wvu edu<mailto:DefendYourData () mail wvu edu>.


**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community<https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=04%7C01%7C%7C5148f2ba5fec46926e2e08d8c47897f5%7C1036f37b0d59489ca8801a6aebd2bd07%7C0%7C0%7C637475369533399668%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=Ql7uvXIe5AqMOvJzsEFegKH%2Bbj8N9V8oTINcvHSRG5I%3D&reserved=0>

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community<https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=04%7C01%7C%7C5148f2ba5fec46926e2e08d8c47897f5%7C1036f37b0d59489ca8801a6aebd2bd07%7C0%7C0%7C637475369533399668%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=Ql7uvXIe5AqMOvJzsEFegKH%2Bbj8N9V8oTINcvHSRG5I%3D&reserved=0>

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community<https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=04%7C01%7C%7C5148f2ba5fec46926e2e08d8c47897f5%7C1036f37b0d59489ca8801a6aebd2bd07%7C0%7C0%7C637475369533409662%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=zTn8MA6OgiRWDU6wHxUNla%2BFD80FPgcFV12VqEktrbo%3D&reserved=0>

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community<https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=04%7C01%7C%7C5148f2ba5fec46926e2e08d8c47897f5%7C1036f37b0d59489ca8801a6aebd2bd07%7C0%7C0%7C637475369533409662%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=zTn8MA6OgiRWDU6wHxUNla%2BFD80FPgcFV12VqEktrbo%3D&reserved=0>

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community<https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=04%7C01%7C%7C5148f2ba5fec46926e2e08d8c47897f5%7C1036f37b0d59489ca8801a6aebd2bd07%7C0%7C0%7C637475369533419658%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=gudOzqI8gX0imBQQBHK1dUG%2F00GlYXCpYdgJ%2BJVA98Q%3D&reserved=0>

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community<https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=04%7C01%7C%7C5148f2ba5fec46926e2e08d8c47897f5%7C1036f37b0d59489ca8801a6aebd2bd07%7C0%7C0%7C637475369533429647%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=cY0PejY5DiuJZfNvwTYSyOSorikK75sqSUX9TThhdXg%3D&reserved=0>
CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you 
recognize the sender and know the content is safe.


**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community<https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=04%7C01%7C%7C5148f2ba5fec46926e2e08d8c47897f5%7C1036f37b0d59489ca8801a6aebd2bd07%7C0%7C0%7C637475369533429647%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=cY0PejY5DiuJZfNvwTYSyOSorikK75sqSUX9TThhdXg%3D&reserved=0>

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community<https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=04%7C01%7C%7C5148f2ba5fec46926e2e08d8c47897f5%7C1036f37b0d59489ca8801a6aebd2bd07%7C0%7C0%7C637475369533439640%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=g%2FwqSERgSLQLdoEpuIr4Hl7UYicSRpUk%2FSYTPVZFzj8%3D&reserved=0>

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community<https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=04%7C01%7C%7C5148f2ba5fec46926e2e08d8c47897f5%7C1036f37b0d59489ca8801a6aebd2bd07%7C0%7C0%7C637475369533449641%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=DOb8rtez9YObU1GgrFxSLfYQcrans1CNAXjPr%2BaLMdI%3D&reserved=0>

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community<https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=04%7C01%7C%7C5148f2ba5fec46926e2e08d8c47897f5%7C1036f37b0d59489ca8801a6aebd2bd07%7C0%7C0%7C637475369533449641%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=DOb8rtez9YObU1GgrFxSLfYQcrans1CNAXjPr%2BaLMdI%3D&reserved=0>

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community