Profile

Wendy Epley

My Content

Posted By Wendy Epley 06-11-2024 01:25:00 PM
Found In Egroup: NIST 800-171 Compliance
Hi everyone! I hope you are all doing well and will be able to join us next week for our June meeting on Tuesday, June 18th at 11am Eastern / 8am Pacific. You can download the calendar invite from the Library tab on the community group page. Based on our discussion last month, we have created a ...
Posted By Wendy Epley 05-30-2024 12:19:00 PM
Found In Egroup: NIST 800-171 Compliance
Hi Aaron, It's never too late to ask questions - that's the benefit of this group. For UArizona - we have utilized 800-53, 800-60, FIPS 199, and others as our guide. In following the guidelines, we keep our data classification schema simple with "Public", "Internal", and "Restricted". We do ...
Posted By Wendy Epley 05-01-2024 03:35:00 AM
Found In Egroup: Cybersecurity
I don't know about Apple product issues, but I initially had similar problems on Android last week. Those have been resolved. You can select more than one session in the same time and lunches/breaks that overlap. If you click on each session you will see presenter and topic details. Hope that helps. Kind ...
Posted By Wendy Epley 04-26-2024 01:09:00 PM
Found In Egroup: NIST 800-171 Compliance
That is my understanding as well, Jay. There will be some tables during lunch service set up for "Birds of a Feather" (BoF) discussions. There will be 10 topics already identified, but others can suggest a new topic when they arrive. This will be a way to keep the conversations moving. Kind regards, ...
Posted By Wendy Epley 02-21-2024 01:09:51 PM
Found In Library: NIST 800-171 Compliance
The EDUCAUSE Library also now houses the comments that the association submitted to NIST at the end of January regarding the final public draft of NIST SP 800-171, Rev. 3, and the initial public draft of 800-171A, Rev. 3: https://library.educause.edu/resources/2024/2/educause-comments-nist-sp-800- ...
Posted By Wendy Epley 02-21-2024 01:06:38 PM
Found In Library: NIST 800-171 Compliance
The comments that EDUCAUSE and other groups submitted on the proposed FAR cyber incident reporting regulations in February 2024 are available from the EDUCAUSE library at: https://library.educause.edu/resources/2024/2/educause-comments-far-cyber-incident-reporting The Proposed Rule was published ...
Posted By Wendy Epley 01-05-2024 09:25:00 AM
Found In Egroup: NIST 800-171 Compliance
Mitch - Thank you so much for bringing this to our attention. I had not even noticed it was still listed incorrectly on the home page description. We are working with the EDUCAUSE Administrators to get this corrected. My sincere apologies to you and others who were joining the meeting at the old time ...
Posted By Wendy Epley 12-19-2023 10:46:00 AM
Found In Egroup: NIST 800-171 Compliance
As a reminder - since October 2023, our meeting time moved to 11am EST / 8am PST. If you still have the old time on your calendars - please replace it with the new monthly meeting invite which can be downloaded from the "Library" tab in the community space within EDUCAUSE. The next meeting will be held ...
Posted By Wendy Epley 12-13-2023 11:34:00 AM
Found In Egroup: NIST 800-171 Compliance
Hi Mike, The Organization Defined Parameters (ODPs) cause a lot of heartburn for some. ODPs are part of the tailoring process, so if there is not a predefined value as part of the control or control enhancement, then the organization should define what that parameter should be. How an organization ...
Posted By Wendy Epley 11-20-2023 07:05:00 PM
Found In Egroup: NIST 800-171 Compliance
Sorry for the late reply... been on PTO. I can meet in December for the impromptu SSP discussion/working group, but also happy to see folks in 2024. Kind regards, ------------------------------ Wendy Epley Principal Analyst, Information Security The University of Arizona wepley@arizona.edu ...
Posted By Wendy Epley 11-20-2023 11:56:00 AM
Found In Egroup: NIST 800-171 Compliance
Hi Nathan, UArizona follows the guidance in NIST SP 800-53 (RA-02) and NIST SP 800-60 for its data classification/impact schema. We use 3 classifications that apply to all University Information and Resources: Public, Internal, and Restricted. I think the only thing that would cause ...
Posted By Wendy Epley 11-03-2023 11:55:00 AM
Found In Egroup: HECVAT Users
Hi Mike, In my humble opinion, the HECVAT should serve as an aid to Vendor Risk Management. It is not a legally binding document. Sometimes the HECVAT is filled out by sales people, other times it's leadership - there really is not any consistency in who within the vendor's organization completes ...
Posted By Wendy Epley 09-20-2023 10:12:00 AM
Found In Egroup: NIST 800-171 Compliance
Hi everyone, For those who attended yesterday's meeting and noted the text in the Library resource had the incorrect day for our meetings; that has now been corrected. The HEISC 800-171 Compliance monthly meeting invite and details can be found on the Community's "Library" tab. There is also ...
Posted By Wendy Epley 09-19-2023 02:00:00 PM
Found In Egroup: NIST 800-171 Compliance
Hi Michael, UArizona explored many third-party solutions, including ISORA, but none of them could provide us with the tools we wanted and needed. So we built our own! The tool was developed in 2018 by our then Director of Information Security and Deputy CISO. The tool has been refined and evolved ...
Posted By Wendy Epley 09-17-2023 02:12:00 PM
Found In Egroup: Cybersecurity
Hi Aaron, You need to consider if those printing devices are in-scope assets or not. Look at the CMMC Level 2 Scoping Guide for how to scope your assets in applying NIST SP 800-171. The documentation can be found at - https://dodcio.defense.gov/CMMC/Documentation/ For NIST SP 800-172, these ...
Posted By Wendy Epley 08-23-2023 09:20:00 AM
Found In Egroup: Cybersecurity
The University of Arizona explored SaltyCloud's ISORA in 2018... as we started using it we discovered that it really did not fit our needs and we did not renew the contract after 1 year. ------------------------------ Wendy Epley Principal Analyst, Information Security The University of Arizona ...
Posted By Wendy Epley 08-23-2023 09:14:00 AM
Found In Egroup: Cybersecurity
Hi Rusty, The University of Arizona moved away from the death-by-spreadsheet approach in 2018 and developed a software program that evolved our risk management program to a federated risk management strategy. By involving the people (IT and non-IT) from across the organization, we are able to gain ...
Posted By Wendy Epley 07-20-2023 10:03:00 AM
Found In Egroup: HECVAT Users
At UArizona, using the HECVAT or reviewing a SOC2 Type II is not a requirement, but are encouraged to assess a vendor's security posture through the vendor management lifecycle. Units cannot accept a contract that allows for falling out of compliance with University policy. Where the vendor lacks sufficient ...
Posted By Wendy Epley 07-18-2023 10:00:00 AM
Found In Egroup: NIST 800-171 Compliance
Thank you to all who could attend today's meeting and hear the story of UASecure at the University of Arizona and how Sibylity transformed how the University manages information security and risk. As you may be aware, HEISC meetings are not recorded, so there is no video of the presentation but attached ...
Posted By Wendy Epley 07-18-2023 09:59:47 AM
Found In Library: NIST 800-171 Compliance