Home page logo

educause logo Educause Security Discussion mailing list archives

Re: New VA FISMA Requirements for PIs in Research Institutions
From: Jill B Gemmill <JGemmill () UAB EDU>
Date: Tue, 13 Mar 2007 10:45:49 -0500

FISMA is a procedural framework in which NIST 800-53 Security Controls
are applied.



UAB has done some similar assessments for NIH Human Subject Contracts -
investigators have expected us to supply some template language to plug
in to their grants, while the actual requirements call for  detailed
description of the data flow, state of information at each point in the
flow, and all applicable management, technical, and physical controls.


  Jill Gemmill, PhD
  University of Alabama at Birmingham | Data Security

  205-975-2850 | jgemmill () uab edu



From: Ronnie Jefferson [mailto:RONNIE.JEFFERSON () HAMPTONU EDU] 
Sent: Monday, March 12, 2007 3:48 PM
Subject: Re: [SECURITY] New VA FISMA Requirements for PIs in Research


Thanks Connie....this is very helpful!!




Ronnie Jefferson


Data Conversion & Management Lab

Hampton University

Hampton, Va 23668

(757) 727-5928

(757) 728-6807






This message contains information which may be confidential and
privileged. Unless you are the addressee (or authorized to receive for
the addressee), you may not use, copy or disclose to anyone the message
or any information contained in the message. If you have received the
message in error, please advise the sender by reply e-mail and delete
all copies of the message.


From: Sadler, Connie [mailto:Connie_Sadler () BROWN EDU] 
Sent: Monday, March 12, 2007 4:31 PM
Subject: [SECURITY] New VA FISMA Requirements for PIs in Research



For those of you who do research with the Veterans Administration, have
any of you been able to gather specific requirements for the very recent
requirements to comply with FISMA? As some of you may know, we have been
given requirements, and not much time to become compliant!

I have some reference documents:
and http://csrc.nist.gov/policies/FISMA-final.pdf, and

If some of you are interested, this might be something that we could
organize an audio telecon around. 

Connie J. Sadler, CM, CISSP, CISM, GIAC GSLC
IT Security Officer, Brown University 
Campus Box 1885, Providence, RI 02912
Connie_Sadler () Brown edu <mailto:Connie_Sadler () Brown edu> ,  Office:
PGP Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x91E38EFB
PGP Fingerprint: DA5F ED84 06D7 1635 4BC7 560D 9A07 80BA 91E3 8EFB 


The information contained in this message is intended only for the
recipient, and may otherwise be privileged and confidential. If the
reader of this message is not the intended recipient, or an employee or
agent responsible for delivering this message to the intended recipient,
please be aware that any dissemination or copying of this communication
is strictly prohibited. If you have received this communication in
error, please immediately notify us by replying to the message and
deleting it from your computer. This footnote also confirms that this
email has been scanned for all viruses by the Hampton University's
Center for Information Technology Enterprise Systems service.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]