Educause Security Discussion mailing list archives
Re: student systems and NIST 800-171
From: "Koppel, Lorna" <Lorna.Koppel () TUFTS EDU>
Date: Fri, 29 Jan 2021 17:18:44 +0000
Tufts would be interested in joining the working group too. Lorna L. Koppel Director of Information Security Office of Information Security (OIS) Tufts University 169 Holland Street<https://outlook.office.com/mail/deeplink/compose/AAMkADMwMDljOTgzLWE4ZDItNDE3YS05MGVlLTllZmRjNjU1OGI0MQBGAAAAAADcDQBefXDTQL6Rle4B4f5rBwDYXT5XZThPQK6AlMmSrZQmAAAAea7OAAAPz2fB03mORptgvBpr7W1SAAAI%2B34CAAA%3D?version=2019123003.04&popoutv2=1> Somerville, MA 02144<https://outlook.office.com/mail/deeplink/compose/AAMkADMwMDljOTgzLWE4ZDItNDE3YS05MGVlLTllZmRjNjU1OGI0MQBGAAAAAADcDQBefXDTQL6Rle4B4f5rBwDYXT5XZThPQK6AlMmSrZQmAAAAea7OAAAPz2fB03mORptgvBpr7W1SAAAI%2B34CAAA%3D?version=2019123003.04&popoutv2=1> Phone: 617.627.0885 Email: lorna.koppel () tufts edu<mailto:lorna.koppel () tufts edu> Information Security is Everyone's Responsibility! Learn more<https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fit.tufts.edu%2fncsam&c=E,1,XVti2HpENxehdnHmgvLEcISzDN-E7n_SvDVPVABMqEIjWYATErmL9hzXIvnzpdwEey8Fg93ikggdo23_eORNtAxkETw_wFopP7r32tt4X9FOE4BoFf5HsXI,&typo=1>. ----------------------------------------------------------------------------------------------- TTS will NEVER ask for passwords or other personal information via email. ----------------------------------------------------------------------------------------------- For IT support, contact the TTS Service Desk at 617-627-3376 or it () tufts edu<mailto:it () tufts edu> From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Snider, Jodie Sent: Friday, January 29, 2021 11:54 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] student systems and NIST 800-171 I would also be interested. Thank you for everyone's input on this topic. I agree. It's an important one. Jodie L. Snider Director, IT Risk & Compliance Information Technology & Finance Adjunct Faculty [cid:image001.png@01D6F638.E2E1AB10] Information Technology Services Metropolitan Community College P - 531-622-2930 ~ E - jsnider () mccneb edu<mailto:jsnider () mccneb edu> We are mission-driven. We are student-focused. We embrace our diversity. Confidentiality notice: This email message, including any attachment(s), is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. Any retransmission or use of this information may be in violation of the law. If you received this in error, contact the sender and delete the material from any computer. ________________________________ From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>> on behalf of Josh Boon <educauseedu () JOSHBOON COM<mailto:educauseedu () JOSHBOON COM>> Sent: Friday, January 29, 2021 10:52 AM To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU> <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>> Subject: Re: [SECURITY] student systems and NIST 800-171 CAUTION: This email originated from outside Metropolitan Community College. Do not click links or open attachments unless you recognize the sender and know the content is safe. Forward suspicious items to IT Security. I'd be interested as well. -- Josh Boon (he/him/they/them) | curiosityfund.org 719.298.2246 | josh () dumbideas org<mailto:josh () dumbideas org> ________________________________ From: "Dave Broucek" <dbroucek () HARPERCOLLEGE EDU<mailto:dbroucek () HARPERCOLLEGE EDU>> To: "SECURITY" <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>> Sent: Friday, January 29, 2021 11:49:13 AM Subject: Re: [SECURITY] student systems and NIST 800-171 I would be interested in a working group Regards, Dave Broucek From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>> On Behalf Of Sidiqyar, Masood Sent: Friday, January 29, 2021 9:41 AM To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU> Subject: Re: [SECURITY] student systems and NIST 800-171 External Email. We are also looking into this very closely, knowing the need for cybersecurity related to student financial data will only increase and come from multiple directions. In addition to the federal lense, the state of TN now 'requires' FedRamp or ISO27001 certification before they provide the necessary information in support of processing lottery scholarships. The folks we've talked to at the state consider 800-171 a very low bar! I support forming an interest/working group. Best, Masood From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>> On Behalf Of Harry Hoffman Sent: Friday, January 29, 2021 7:43 AM To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU> Subject: Re: [SECURITY] student systems and NIST 800-171 [WARNING: This email originated from outside of Vanderbilt University. Please treat this message with additional caution.] We're just starting to look into this among a broader effort around compliance. I'd be interested in what other are doing or forming an interest/working group if there's enough folks keen to do so. Cheers, Harry On Thu, Jan 28, 2021 at 11:35 AM Fugett, Julie C <jcf () ku edu<mailto:jcf () ku edu>> wrote: Is anyone aware of templates, checklists, or other guidance around performing this self-assessment? I just watched Mia Jordan's talk from the 2020 Virtual FSA training conference and while the talk was informative, she didn't provide any resources or a timeline for the self-assessment process. I'm reaching out to the contact email in the slides, but I'm wondering if I've missed something somewhere along the way. ______________________________________ Julie C. Fugett, CISSP Chief Information Security Officer KU Information Technology The University of Kansas Email jcf () ku edu<mailto:jcf () ku edu> Mobile +1 785 691 9023 Office +1 785 864 0490 She/Her/Hers From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>> On Behalf Of Ross Mukai Sent: Wednesday, January 27, 2021 6:10 PM To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU> Subject: Re: [SECURITY] student systems and NIST 800-171 Some slides from the 2020 student aid conference describing a compliance framework for glba + CUI The bullet points on the near-term plan on pg 18 include the 12/18/20 letter and self-assessments https://fsaconferences.ed.gov/conferences/library/2020/2020FSAConfSessionBO15.pdf<https://urldefense.proofpoint.com/v2/url?u=https-3A__nam12.safelinks.protection.outlook.com_-3Furl-3Dhttps-253A-252F-252Ffsaconferences.ed.gov-252Fconferences-252Flibrary-252F2020-252F2020FSAConfSessionBO15.pdf-26data-3D04-257C01-257Cdbroucek-2540HARPERCOLLEGE.EDU-257C2868cdfa4be64abfadf008d8c46c436b-257C41791c41ffcb45e49c1d11a6b502a6d7-257C0-257C0-257C637475316586443013-257CUnknown-257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0-253D-257C3000-26sdata-3DtwnWpHaJ0zdpfdK477BPw-252BNKHt-252BGSyMfvfP3T43umUQ-253D-26reserved-3D0&d=DwMFaQ&c=vMfcx96HwL1EWlh7C08MXw&r=zsOD2xg2sMXqtDDXSStdFFJdBFQezicszFeD3jvn-EI&m=PSdUnhrQfraV-v2swiGCKSyhWkVNsyH77Ifg63M3ULk&s=NWoHnUuVErnjI-C58U5j-wekIzI5ZdOqebUoNP8xwBU&e=> On Wed, Jan 27, 2021 at 2:01 PM Sam Horowitz <samh () ucsb edu<mailto:samh () ucsb edu>> wrote: https://ifap.ed.gov/electronic-announcements/121820CybersecurityProtectStudentInfoComplianceCUInGLBA<https://urldefense.proofpoint.com/v2/url?u=https-3A__nam12.safelinks.protection.outlook.com_-3Furl-3Dhttps-253A-252F-252Fifap.ed.gov-252Felectronic-2Dannouncements-252F121820CybersecurityProtectStudentInfoComplianceCUInGLBA-26data-3D04-257C01-257Cdbroucek-2540HARPERCOLLEGE.EDU-257C2868cdfa4be64abfadf008d8c46c436b-257C41791c41ffcb45e49c1d11a6b502a6d7-257C0-257C0-257C637475316586453014-257CUnknown-257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0-253D-257C3000-26sdata-3DjOKRsgVlwm-252BFlEnS11N4Nv29BhOA7ZZU6ByPPViSNfo-253D-26reserved-3D0&d=DwMFaQ&c=vMfcx96HwL1EWlh7C08MXw&r=zsOD2xg2sMXqtDDXSStdFFJdBFQezicszFeD3jvn-EI&m=PSdUnhrQfraV-v2swiGCKSyhWkVNsyH77Ifg63M3ULk&s=zI0AZLTM2eHTLIv960QkJQZL7iwKLElUSvEHTI7uI-8&e=> ------------------------------------------- Sam Horowitz, CISSP, CISM Chief Information Security Officer he/him/his Office: (805) 893-5005 Email: samh () ucsb edu<mailto:samh () ucsb edu> On Wed, Jan 27, 2021 at 3:38 PM Alex Jalso <ACJalso () mail wvu edu<mailto:ACJalso () mail wvu edu>> wrote: Hello Everyone, In a meeting with peer institutions it was said that at the Federal level there's been discussions that university student information systems must treat resident data as CUI and have their systems be compliant with NIST 800-171 or risk losing financial aid. Has anyone heard something similar to this or received communications about it? Alex Alex Jalso, PMP, CISM, CDPSE Chief Information Security Officer Information Technology Services West Virginia University p: 304-293-4457 Defend your data. ITS will NEVER ask you for your WVU Login credentials, Social Security number or credit card information via email. NEVER click on suspicious email links or attachments, even those that appear to be from a legitimate source. Hover over links to see where they really lead before clicking on them. When in doubt, contact DefendYourData () mail wvu edu<mailto:DefendYourData () mail wvu edu>. ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community<https://urldefense.proofpoint.com/v2/url?u=https-3A__nam12.safelinks.protection.outlook.com_-3Furl-3Dhttps-253A-252F-252Fwww.educause.edu-252Fcommunity-26data-3D04-257C01-257Cdbroucek-2540HARPERCOLLEGE.EDU-257C2868cdfa4be64abfadf008d8c46c436b-257C41791c41ffcb45e49c1d11a6b502a6d7-257C0-257C0-257C637475316586463002-257CUnknown-257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0-253D-257C3000-26sdata-3DwiHeH9vlExJlo-252BosbakDTX5kW2C-252BKVCj4dk5-252BdLoucg-253D-26reserved-3D0&d=DwMFaQ&c=vMfcx96HwL1EWlh7C08MXw&r=zsOD2xg2sMXqtDDXSStdFFJdBFQezicszFeD3jvn-EI&m=PSdUnhrQfraV-v2swiGCKSyhWkVNsyH77Ifg63M3ULk&s=XWiwPcmblma54YowgTLpZslmU6qMWV3ZR314tR1oops&e=> ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community<https://urldefense.proofpoint.com/v2/url?u=https-3A__nam12.safelinks.protection.outlook.com_-3Furl-3Dhttps-253A-252F-252Fwww.educause.edu-252Fcommunity-26data-3D04-257C01-257Cdbroucek-2540HARPERCOLLEGE.EDU-257C2868cdfa4be64abfadf008d8c46c436b-257C41791c41ffcb45e49c1d11a6b502a6d7-257C0-257C0-257C637475316586463002-257CUnknown-257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0-253D-257C3000-26sdata-3DwiHeH9vlExJlo-252BosbakDTX5kW2C-252BKVCj4dk5-252BdLoucg-253D-26reserved-3D0&d=DwMFaQ&c=vMfcx96HwL1EWlh7C08MXw&r=zsOD2xg2sMXqtDDXSStdFFJdBFQezicszFeD3jvn-EI&m=PSdUnhrQfraV-v2swiGCKSyhWkVNsyH77Ifg63M3ULk&s=XWiwPcmblma54YowgTLpZslmU6qMWV3ZR314tR1oops&e=> ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community<https://urldefense.proofpoint.com/v2/url?u=https-3A__nam12.safelinks.protection.outlook.com_-3Furl-3Dhttps-253A-252F-252Fwww.educause.edu-252Fcommunity-26data-3D04-257C01-257Cdbroucek-2540HARPERCOLLEGE.EDU-257C2868cdfa4be64abfadf008d8c46c436b-257C41791c41ffcb45e49c1d11a6b502a6d7-257C0-257C0-257C637475316586472995-257CUnknown-257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0-253D-257C3000-26sdata-3D3peW73RUJR-252Fw7LQncyvj6ARZD6jNh2jsLADeZIgue7c-253D-26reserved-3D0&d=DwMFaQ&c=vMfcx96HwL1EWlh7C08MXw&r=zsOD2xg2sMXqtDDXSStdFFJdBFQezicszFeD3jvn-EI&m=PSdUnhrQfraV-v2swiGCKSyhWkVNsyH77Ifg63M3ULk&s=hebG31BnCHkn7n-G_NQlMWmeessX1CDTzzfGXyL0RNk&e=> ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community<https://urldefense.proofpoint.com/v2/url?u=https-3A__nam12.safelinks.protection.outlook.com_-3Furl-3Dhttps-253A-252F-252Fwww.educause.edu-252Fcommunity-26data-3D04-257C01-257Cdbroucek-2540HARPERCOLLEGE.EDU-257C2868cdfa4be64abfadf008d8c46c436b-257C41791c41ffcb45e49c1d11a6b502a6d7-257C0-257C0-257C637475316586472995-257CUnknown-257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0-253D-257C3000-26sdata-3D3peW73RUJR-252Fw7LQncyvj6ARZD6jNh2jsLADeZIgue7c-253D-26reserved-3D0&d=DwMFaQ&c=vMfcx96HwL1EWlh7C08MXw&r=zsOD2xg2sMXqtDDXSStdFFJdBFQezicszFeD3jvn-EI&m=PSdUnhrQfraV-v2swiGCKSyhWkVNsyH77Ifg63M3ULk&s=hebG31BnCHkn7n-G_NQlMWmeessX1CDTzzfGXyL0RNk&e=> ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community<https://urldefense.proofpoint.com/v2/url?u=https-3A__nam12.safelinks.protection.outlook.com_-3Furl-3Dhttps-253A-252F-252Fwww.educause.edu-252Fcommunity-26data-3D04-257C01-257Cdbroucek-2540HARPERCOLLEGE.EDU-257C2868cdfa4be64abfadf008d8c46c436b-257C41791c41ffcb45e49c1d11a6b502a6d7-257C0-257C0-257C637475316586482982-257CUnknown-257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0-253D-257C3000-26sdata-3DjLt1U8I4q2LT5AhHob2b515gWtaGY-252BVsHboxybN-252F-252BMs-253D-26reserved-3D0&d=DwMFaQ&c=vMfcx96HwL1EWlh7C08MXw&r=zsOD2xg2sMXqtDDXSStdFFJdBFQezicszFeD3jvn-EI&m=PSdUnhrQfraV-v2swiGCKSyhWkVNsyH77Ifg63M3ULk&s=DhJdSSmkLT3S6yTxCbFSP_fEZ265DGtlxwZU_Lo4Eng&e=> ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community<https://urldefense.proofpoint.com/v2/url?u=https-3A__nam12.safelinks.protection.outlook.com_-3Furl-3Dhttps-253A-252F-252Fwww.educause.edu-252Fcommunity-26data-3D04-257C01-257Cdbroucek-2540HARPERCOLLEGE.EDU-257C2868cdfa4be64abfadf008d8c46c436b-257C41791c41ffcb45e49c1d11a6b502a6d7-257C0-257C0-257C637475316586482982-257CUnknown-257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0-253D-257C3000-26sdata-3DjLt1U8I4q2LT5AhHob2b515gWtaGY-252BVsHboxybN-252F-252BMs-253D-26reserved-3D0&d=DwMFaQ&c=vMfcx96HwL1EWlh7C08MXw&r=zsOD2xg2sMXqtDDXSStdFFJdBFQezicszFeD3jvn-EI&m=PSdUnhrQfraV-v2swiGCKSyhWkVNsyH77Ifg63M3ULk&s=DhJdSSmkLT3S6yTxCbFSP_fEZ265DGtlxwZU_Lo4Eng&e=> CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe. ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.educause.edu_community&d=DwMFaQ&c=vMfcx96HwL1EWlh7C08MXw&r=zsOD2xg2sMXqtDDXSStdFFJdBFQezicszFeD3jvn-EI&m=PSdUnhrQfraV-v2swiGCKSyhWkVNsyH77Ifg63M3ULk&s=HySEWDdnkfnmrS3XuLhVebWFjzA1msyqAFofeiVf0aw&e=> ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.educause.edu_community&d=DwMFaQ&c=vMfcx96HwL1EWlh7C08MXw&r=zsOD2xg2sMXqtDDXSStdFFJdBFQezicszFeD3jvn-EI&m=PSdUnhrQfraV-v2swiGCKSyhWkVNsyH77Ifg63M3ULk&s=HySEWDdnkfnmrS3XuLhVebWFjzA1msyqAFofeiVf0aw&e=> ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
Current thread:
- Re: student systems and NIST 800-171, (continued)
- Re: student systems and NIST 800-171 Sidiqyar, Masood (Jan 29)
- Re: student systems and NIST 800-171 Boyd, Daniel (Jan 29)
- Re: student systems and NIST 800-171 Curt Kappenman (Jan 29)
- Re: student systems and NIST 800-171 Pifer, Michael (Feb 02)
- Re: student systems and NIST 800-171 Boyce-Werner, Rori (Feb 02)
- Re: student systems and NIST 800-171 Mike Nowakowski (Feb 02)
- Re: student systems and NIST 800-171 Jarret Cummings (Feb 02)
- Re: student systems and NIST 800-171 Dave Broucek (Jan 29)
- Re: student systems and NIST 800-171 Josh Boon (Jan 29)
- Re: student systems and NIST 800-171 Snider, Jodie (Jan 29)
- Re: student systems and NIST 800-171 Koppel, Lorna (Jan 29)
- Re: student systems and NIST 800-171 Bertone, John (Jan 29)
- Re: [External]:Re: [SECURITY] student systems and NIST 800-171 Ferland, William (Jan 29)
- Re: student systems and NIST 800-171 Fugett, Julie C (Jan 29)
- Re: student systems and NIST 800-171 Jeremy Livingston (Jan 29)
- Re: [EXTERNAL] Re: [SECURITY] student systems and NIST 800-171 Hart, Michael (Jan 29)
- Re: [EXTERNAL] Re: [SECURITY] student systems and NIST 800-171 Mark Purcell (Jan 29)
- Re: [EXTERNAL] Re: [SECURITY] student systems and NIST 800-171 Mark Reboli (Jan 29)
- Re: [EXTERNAL] Re: [SECURITY] student systems and NIST 800-171 Chris Pack (Jan 29)
- Re: [EXTERNAL] Re: [SECURITY] student systems and NIST 800-171 Theresa Semmens (Jan 29)
- Re: [EXTERNAL] Re: [SECURITY] student systems and NIST 800-171 Ron Horn (Jan 29)