DFARS/NIST 800-171 PROGRAM OVERVIEWpwp.gatech.edu/.../08/DFARS-NIST-ADR-Presentation-080317.pdf ·...

Preview:

Click to see full reader

Citation preview

DFARS/NIST 800-171 PROGRAM OVERVIEW

J U N E 2 2 , 2 0 1 7

NIST Special Publication 800-171 – Protection Controlled Unclassified Information in Nonfederal Information Systems and Organizations (NIST 800-171)

• The purpose of this NIST publication is to provide guidance for federal agencies on how to protect federal information.

• NIST 800-171 applies to Controlled Unclassified Information (also called CUI) shared by the federal government with a nonfederal entity.

• Controlled Unclassified Information (CUI) at Georgia Tech can include, but is not limited to,:

• Federally funded research

• Health information

• Student financial aid records

• Visa records

• Department of Defense deadline for full compliance is December 31, 2017.

NIST 800-171

Which labs are in scope

Language in contracts

Producing data sets that are considered CUI

LABS IN SCOPE

PHASE 1

• Build and formalize Steering Committee and Project Committees

• Requirements gathering from stakeholders for central services

• Research peer institutions to determine their paths to compliance

• Univerity of Florida

• Purdue

• Portland State

• UC Davis

Discovery

Presenter
Presentation Notes
Add list of campuses we’ve talked to.

PHASE 1

• Build and formalize Steering Committee and Project Committees

• Documented project and communications plan

• Website – www.cui.gatech.edu

• Pilot central services and identify potential labs as candidates

• Begin scoping and outlining requirements for audit program

• Begin design/development of Research Contract Lifecycle workflow

Design

Presenter
Presentation Notes
Add list of campuses we’ve talked to. Add communications notes.

PHASE 2

• Begin migrations of early adopters, concluding pilot

• Hiring compliance positions

• Begin execution of lab audits

Implementation/Integration

Presenter
Presentation Notes
Add list of labs we’ve visited already.

PHASE 3

• Fully migrate into technical environment

• Full communication/education campaign for campus

• Training and testing

• Transition into a fully operational audit and compliance service

• Complete design/development of Research Contract Lifecycle workflow

Monitor/Evaluate

CRITICAL PATH

WHAT CAN THE LABS EXPECT?

Jimmy Lummis

(404) 385-0334

jimmy.Lummis@security.gatech.edu

Jennifer Rhodes

(404) 385-3953

jennifer.rhodes@oit.gatech.edu

Blake Penn

(404) 385-5480

blake.penn@security.gatech.edu

QUESTIONS?

mailto:jimmy.Lummis@security.gatech.edu
mailto:jennifer.rhodes@oit.gatech.edu
mailto:blake.penn@security.gatech.edu

Print this and bring a hard copy.

LIST OF LABS IN SCOPE

Presenter
Presentation Notes
Ask for volunteers for Communications and Financial groups.

Recommended

Mentor-Protégé Program. Regulations DFARS 219.71 DFARS Appendix I
Documents
The NARA Rule and NIST SP 800-171 - Public Contracting Institute · 2018-03-21 · •Executive Order 13556 •NARA's Controlled Unclassified Information Rule •NIST SP 800-171 Requirements
Documents
Special Publication 800-171 - NIST · NIST Special Publication 800-171 Revision 1 . ... CUI security needs, tailored to nonfederal systems, allowing nonfederal o rganizations to comply
Documents
NIST MEP Cybersecurity Self-Assessment Handbook For ... · NIST Handbook 162 . NIST MEP Cybersecurity . Self-Assessment Handbook . For Assessing NIST SP 800-171 . Security Requirements
Documents
NIST SP 800-171 DoD Assessment Methodology, Version 1 · NIST SP 800-171 DoD Assessment Methodology, Version 1.1, March 13, 2020 ... Institute of Standards and Technology (NIST) Special
Documents
Welcome to the NIST SP 800-171 Questionnaire (Ref:1.1 ......Welcome 3.1.Access Control Welcome to the NIST SP 800-171 Questionnaire (Ref:1.1) This questionnaire is based on cyber requirements
Documents
NIST 800-171, DFARS - Florida Industrial Security Working ...fiswg.research.ucf.edu/Documents/PDF/Protecting CUI and NIST-800... · nist 800-171, dfars responsibilities for defense
Documents
IT & NICE Cybersecurity Enterprise Training Curriculum · • Cybersecurity Management (NIST Cybersecurity Framework, NIST 800-171 etc.) • Cyber Resilience Management (RESILIA)
Documents
How to Comply with DFAR 252-204-7012 NIST SP 800-171 Rev. 2 · ALL of the companies doing business with DoD will have to comply immediately with DFARS 252.204- 7012 and have a 1-3
Documents
NIST 800-171 Simplifying CUI and DFARS Compliance
Government & Nonprofit
Navigating Unclassified Information System …...Replacing NIST SP 800-53 based controls with NIST SP 800-171 NIST SP 800-171 Requirement NIST SP 800-53 Requirement (from DFARS Table
Documents
Cybersecurity Challenges - DoD Procurement Toolbox · Unclassified 18 NIST SP 800-171, Protecting CUI in Nonfederal Systems and Organizations Why NIST SP 800-171? •Developed for
Documents
Cyber Security Workshop...Cyber Security Workshop DFARS Clause 252.204-7012 / NIST SP 800-171 June 2019 Prof. Clifford Neuman Director, USC Center for Computer System Security Unclassified
Documents
NIST SP 800-171 - NIST Computer Security Resource Center · • Using NIST SP 800-171 to define requirements to protect the confidentiality of CUI; and ... The Information Technology
Documents
Controlled Unclassified Information and NIST 800-171 Unclassified Information and NIST 800-171 ... associated with the loss of this information are assessed and minimized ... Small
Documents
KEY IDEAS ASSOCIATED WITH CUI REQUIREMENTS AND DFARS … · 2019-11-07 · nor will DoD certify that a contractor is compliant with the NIST SP 800-171 security requirements. Office
Documents
NIST 800-171, DFARS - University of Central Florida CUI and NI… · DIACAP (May 2009 –October 2014) RMF (Strongly based on NIST 800-37 and 800-53) (October 2014 –Present) NIST
Documents
Get Compliant with the New DFARS 252.204-7012 ... · 8/30/2017  · comply with NIST 800-171 (Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations)
Documents
RESOURCES, INFORMATION AND REFERENCES NIST … › uploads › ... · Note Regarding NIST Special Publication 800-171, Revision 1, Protecting Controlled Unclassified Information in
Documents
Federal Acquisition Regulation (FAR) and Defense Federal ... Terms - FARS...outlined in NIST SP 800-171, and implemented in the applicable FAR and DFARS clauses (FAR § 52.204-21 and
Documents