Profile

Laura Raderman

My Content

Posted By Laura Raderman 05-10-2024 08:41:00 AM
Found In Egroup: NIST 800-171 Compliance
You could have them automatically unlock as well, there's no specific requirement on who or how the accounts unlock, only that they lock to start with. So, it's completely reasonable to have the accounts lock out after 5 failed attempts within 10 minutes, and they automatically unlock after 10 minutes ...
Posted By Laura Raderman 05-10-2024 06:58:00 AM
Found In Egroup: NIST 800-171 Compliance
r2 only says "limit unsuccessful logon attempts", with the AOs being: [a] the means of limiting unsuccessful logon attempts is defined; and [b] the defined means of limiting unsuccessful logon attempts is implemented. There is no requirement of a lockout. r3 however, specifically requires a ...
Posted By Laura Raderman 02-28-2023 07:58:00 AM
Found In Egroup: NIST 800-171 Compliance
Export Control is technically a type of CUI (specified) under NARA's registry: https://www.archives.gov/cui/registry/category-detail/export-control.html and https://www.archives.gov/cui/registry/category-detail/export-controlled-research It has limited distribution statements in addition to the 800-171 ...
Posted By Laura Raderman 12-09-2022 05:55:00 AM
Found In Egroup: Cybersecurity
Surprisingly for us the hardest issue has been the MFA requirement for "any individual" accessing in-scope systems (314.4(c)(5)) - in our case that includes parents and admitted (but not matriculated) students - using Cirrus Identity, and reducing the number of "connected systems" that are in scope. ...
Posted By Laura Raderman 12-02-2022 06:30:00 AM
Found In Egroup: NIST 800-171 Compliance
I'm on PTO that week, but I don't have any plans yet, so I could probably join ------------------------------ Laura Raderman Policy and Compliance Coordinator Carnegie Mellon University ------------------------------
Posted By Laura Raderman 08-26-2022 02:01:00 PM
Found In Egroup: Cybersecurity
1. We have only gotten 2 PrivacyHawk requests, but I get about 8-9 Mine requests every week, and we've also gotten a request from Privacy Bee 2. I'm handling these as the primary access to our privacy/request email (gdpr-info@andrew.cmu.edu) 3. For PrivacyHawk, which asked us to not sell data, we responded ...
Posted By Laura Raderman 06-23-2022 12:17:00 PM
Found In Egroup: Cybersecurity
Come work for me at Carnegie Mellon University! Our training and awareness position is in our "GRC" organization (aka me) as much of the training we provide is compliance focused. However, our previous incumbent participated in National CyberSecurity Awareness Month, and created some great and fun training ...
Posted By Laura Raderman 06-07-2022 07:58:00 AM
Found In Egroup: NIST 800-171 Compliance
Count me in, I've already done a lot of work at CMU for our requirements (includes private Data Use agreements, so not really shareable without some massaging). ------------------------------ Laura Raderman Policy and Compliance Coordinator Carnegie Mellon University -------------------------- ...
Posted By Laura Raderman 06-07-2022 07:56:00 AM
Found In Egroup: NIST 800-171 Compliance
800-171 is a subset of 800-53 Moderate (the appendixes of 800-171 show the exact mapping). The appendix also describes how they determined which 800-53 controls to include (or exclude). ------------------------------ Laura Raderman Policy and Compliance Coordinator Carnegie Mellon University ...
Posted By Laura Raderman 04-12-2022 07:09:00 AM
Found In Egroup: NIST 800-171 Compliance
MS Teams in the GCC High environment claims compliance (FedRAMP High), so there is that. There's still some disagreement on whether FedRAMP is sufficient for CMMC. ------------------------------ Laura Raderman Policy and Compliance Coordinator Carnegie Mellon University ---------------------- ...