View
16
Download
0
Category
Preview:
Citation preview
DFARS/NIST 800-171 PROGRAM OVERVIEW
J U N E 2 2 , 2 0 1 7
NIST Special Publication 800-171 – Protection Controlled Unclassified Information in Nonfederal Information Systems and Organizations (NIST 800-171)
• The purpose of this NIST publication is to provide guidance for federal agencies on how to protect federal information.
• NIST 800-171 applies to Controlled Unclassified Information (also called CUI) shared by the federal government with a nonfederal entity.
• Controlled Unclassified Information (CUI) at Georgia Tech can include, but is not limited to,:
• Federally funded research
• Health information
• Student financial aid records
• Visa records
• Department of Defense deadline for full compliance is December 31, 2017.
NIST 800-171
Which labs are in scope
Language in contracts
Producing data sets that are considered CUI
LABS IN SCOPE
PHASE 1
• Build and formalize Steering Committee and Project Committees
• Requirements gathering from stakeholders for central services
• Research peer institutions to determine their paths to compliance
• Univerity of Florida
• Purdue
• Portland State
• UC Davis
Discovery
PHASE 1
• Build and formalize Steering Committee and Project Committees
• Documented project and communications plan
• Website – www.cui.gatech.edu
• Pilot central services and identify potential labs as candidates
• Begin scoping and outlining requirements for audit program
• Begin design/development of Research Contract Lifecycle workflow
Design
PHASE 2
• Begin migrations of early adopters, concluding pilot
• Hiring compliance positions
• Begin execution of lab audits
Implementation/Integration
PHASE 3
• Fully migrate into technical environment
• Full communication/education campaign for campus
• Training and testing
• Transition into a fully operational audit and compliance service
• Complete design/development of Research Contract Lifecycle workflow
Monitor/Evaluate
CRITICAL PATH
WHAT CAN THE LABS EXPECT?
Jimmy Lummis
(404) 385-0334
jimmy.Lummis@security.gatech.edu
Jennifer Rhodes
(404) 385-3953
jennifer.rhodes@oit.gatech.edu
Blake Penn
(404) 385-5480
blake.penn@security.gatech.edu
QUESTIONS?
Print this and bring a hard copy.
LIST OF LABS IN SCOPE
Recommended