This overview provides a review of the timeline that introduced NIST SP 800-171 "Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations" as a compliance framework, an overview of the control families for the 110 controls and a discussion of the impacts and concerns for higher education.
Biography
20+ years in Information Technology roles. 14+ years in a leadership role in Information Security. Of those 20+ years, over 15 have been at state funded academic institutions. In addition, I earned my MBA in May 2008, which greatly aided me in fulfilling my goal of integrating information security into all facets of an entity's operations. To formalize my information security experience, I obtained a CISSP certification in May 2011, a CISM certification in September 2012 and recently a GIAC Strategic Planning, Policy, and Leadership (GSTRT) in 2019.
Focus areas: Data Governance/Management; IT/Cybersecurity Strategic Planning; IT Risk Management; Policy, Compliance; Cybersecurity Awareness, Education & Training; IT Governance, Risk & Compliance solutions; NIST 800-171, CSF, RMF; Privacy Frameworks
In this toolkit, you will find an overview of NIST SP 800-171 and its implications for higher education, questions to ask during project planning, 7 Things You Should Know About CMMC to use when speaking with stakeholders and leadership, and a customizable control evaluation.
The Cybersecurity Maturity Model Certification (CMMC) is a set of policies and practices that address the protection of federal Controlled Unclassified Information (CUI) data through administrative, physical, and technical controls.