Profile

CommunityPlatform_1350x900.jpg

Jay Gallman

Edit My Profile

My Content

1 to 20 of 50+ total

If you're coming to Minneapolis next week...

Posted By Jay Gallman 04-25-2024 10:55:30 AM
Found In Egroup: HEISC 800-171 Compliance \ view thread
There will be a table for Research Security at Thursday's BoF lunch, so hope you can join us. I'm fond of the EDUCAUSE App, if you load it, please feel free to reach out and connect! Until then safe travels! ------------------------------ Jay Gallman Duke University Risk Advisor ---------------- ...

800-171 CG April 16th 11:00 AM EDT - NSPM-33 Readiness Deep Dive Continued

Posted By Jay Gallman 04-10-2024 05:51:16 AM
Found In Egroup: HEISC 800-171 Compliance \ view thread
At our March meeting, we looked at the cyber specific controls in NSPM-33 and applied them to some broad areas of compute that are typical to our campuses. Those categories were: Secure systems and enclaves with SSPs Computational facilities managed by central IT Computational facilities managed ...

Understanding the False Claims Act

Posted By Jay Gallman 03-26-2024 12:40:00 PM
Found In Egroup: HEISC 800-171 Compliance \ view thread
The following video is a good one to share to your campus colleagues involved in compliance beyond the cybersecurity ones. It's a good overview of the False Claims Act and how it works and at the end touches on the two cases that have been mentioned involving Higher Ed. The False Claims Act and The DOJ's ...

800-171 CG March 19th 11:00 AM EDT - NSPM-33 Readiness Deep Dive

Posted By Jay Gallman 03-12-2024 02:49:00 PM
Found In Egroup: HEISC 800-171 Compliance \ view thread
Good afternoon, In our February meeting, we discussed selecting some of the issues identified as being of concern in the January Regulated Research Community of Practice Meeting and using them as a focus on our efforts for our coming meetings. As a result of that as CMMC continues to move along, we're ...

NIST SP 800-171 CG Meeting 2/21

Posted By Jay Gallman 02-13-2024 12:21:00 PM
Found In Egroup: HEISC 800-171 Compliance \ view thread
Good afternoon, A quick reminder that tomorrow's Regulated Research Community of Practice meeting will feature Jacob Horne, a national leader who's made it his business to translate regulations into likely impact. Jacob is the Chief Cybersecurity Evangelist with Summit 7 and someone who's become a ...

January 16th 11:00 AM Meeting Notice for the 800-171Compliance Group

Posted By Jay Gallman 01-09-2024 12:57:09 PM
Found In Egroup: HEISC 800-171 Compliance \ view thread
Good afternoon, I trust everyone had an enjoyable holiday season, and hopefully a restful one as well. We find ourselves fully in RFC (request for comment) season, and so we thought we'd take this meeting to share what the closing deadlines are and what EDUCAUSE is drafting under @Jarret Cummings guidance. ...

Next Tuesday's 800-171 CG Agenda (remember it's 11:00 EST)

Posted By Jay Gallman 11-17-2023 12:58:40 PM
Found In Egroup: HEISC 800-171 Compliance \ view thread
Good afternoon, My apologies for the late notice in getting out next week's agenda. Updates from EDUCAUSE - 800-171R3 This month's RRCoP assessment presentation from UCSD: Regulated Research Community of Practice - RRCoP Recordings and Presentations - any follow up questions for Carolyn? ...

RE: RRCoP - Nov 8th - Debrief on CMMC Learning Assessment

Posted By Jay Gallman 11-09-2023 01:23:14 PM
Found In Egroup: HEISC 800-171 Compliance \ view thread
Good afternoon, In case you missed yesterday's presentation from Carolyn and her UCSD colleagues, as well as one of their CMMC assessors, it's much watch YouTube and available here: 2023 11 UCSD Learning Assessment - YouTube, and as a bonus you'll find the Q&A here: 2023_11_ UCSD - CMMC Mock Assessment ...

800-171 Compliance CG - October 17 Meeting 11:00 AM

Posted By Jay Gallman 10-12-2023 05:40:14 AM
Found In Egroup: HEISC 800-171 Compliance \ view thread
Good morning, As several of us have been conferencing this month, we'll use a portion of the meeting to share what we've learned that may be of interest to the broader community. The following Federal Register notice was published 10/3/2023 and is something we should address as a community and plan ...

Regulated Research Community of Practice today

Posted By Jay Gallman 10-11-2023 06:44:00 AM
Found In Egroup: HEISC 800-171 Compliance \ view thread
I thought today's RRCoP session would be of interest to many in our CG. Note these are recorded, so if you're unable to make it, you can certainly catch it later. Today RRCoP be hearing from CU Boulder on their "CMMC Environment Gap Analysis Lessons Learned". I hope you can join us for the live Q&A ...

Default Weighting for InCommon Membership AAAI07

Posted By Jay Gallman 09-25-2023 10:04:00 AM
Found In Egroup: HECVAT Users \ view thread
Good afternoon, Single Sign On with Shibboleth, is a key consideration for Duke. InCommon is more of a nice to have extra. As such I'm wondering if anyone can explain the wisdom where AAAI01default is 25 points and AAAI07 is 40 points? I realized it's easy enough to change and do so but wondered if I'm ...

RE: September 19th Meeting - Last 10:30 EDT/EST edition

Posted By Jay Gallman 09-13-2023 06:45:01 AM
Found In Egroup: HEISC 800-171 Compliance \ view thread
My apologies to Wendy Epley for the misspelling of her last name in my initial mail! ------------------------------ Jay Gallman Duke University Risk Advisor ------------------------------

September 19th Meeting - Last 10:30 EDT/EST edition

Posted By Jay Gallman 09-13-2023 06:33:00 AM
Found In Egroup: HEISC 800-171 Compliance \ view thread
Good morning, I trust all is well and that your school years have settled into a normal routine. This will mark our final 10:30 meeting time, and we will shift to an 11:00 AM time starting with the October meeting. Our agenda is follows: EDUCAUSE Team announcements Nichole/Joe - Meeting time ...

RE: Compliant Communication Platforms (VOIP, Zoom, Teams..)

Posted By Jay Gallman 09-11-2023 06:01:16 AM
Found In Egroup: HEISC 800-171 Compliance \ view thread
Ryan, Would you be willing to take 10-15 on this at next week's meeting? I suspect there'd be plenty of questions and ongoing discussion. Best, Jay -- Jay Gallman, GCIH Risk Advisor | IT Security Office | Duke University Phone: 919 684-8060 (this will go to VM as it's not actively monitored) ...

No 800-171 Compliance CG Meeting Next Week

Posted By Jay Gallman 08-11-2023 10:36:00 AM
Found In Egroup: HEISC 800-171 Compliance \ view thread
Just a reminder, we're taking a summer break and not meeting next week. I'll get an agenda together for our September meeting closer to that date, but one thing I know we'll discuss is changing the time for our meeting, to make it a little more friendly for our colleagues in the west. Some possibilities ...

RE: July 18th Monthly Meeting 10:00 AM

Posted By Jay Gallman 07-12-2023 06:26:50 PM
Found In Egroup: HEISC 800-171 Compliance \ view thread
Oops! Folks I goofed in the subject line we will meet at 10:30 EDT. My apologies to my colleagues in the west. Best, Jay Jay Gallman, GCIH Risk Advisor | IT Security Office | Duke University Phone: 919 684-8060 My Availability: Microsoft 365 Book time to meet with me Get Outlook for ...

July 18th Monthly Meeting 10:00 AM

Posted By Jay Gallman 07-11-2023 02:58:00 PM
Found In Egroup: HEISC 800-171 Compliance \ view thread
Good afternoon, Here's our agenda for next week, which will focus on a presentation from SibylSoft and the University of Arizona. Agenda New member introductions: Who are you? Where do you work? What is your role? What brings you to our CG? Updates from EDUCAUSE Nichole ...

Update on Crosswalks being completed?

Posted By Jay Gallman 06-29-2023 11:10:00 AM
Found In Egroup: HECVAT Users \ view thread
Good afternoon, noting the comment at the top of the Crosswalks tab states "HECVAT - Full | Standards Crosswalk - TO BE UPDATED IN 2023" I was wondering if there was a more definitive update, and whether that will include moving from 800-53R4 to 800-53R5 as part of the update. Best, Jay --- ...

Opportunity for Discussion with NIST on Cybersecurity for R&D

Posted By Jay Gallman 06-29-2023 09:34:00 AM
Found In Egroup: HEISC 800-171 Compliance \ view thread
Related to the topic of NSPM-33, NIST would like to hear from you around our Cybersecurity for R&D. Please see below to get yourself in a spot to speak to NIST. In August 2022, President Biden signed the CHIPS and Science Act into law to ensure that the United States maintains its technological edge ...

RE: HECVAT vs SOC 2 report?

Posted By Jay Gallman 06-15-2023 04:53:36 AM
Found In Egroup: HECVAT Users \ view thread
At Duke, we find the HECVAT still addresses things not in the SOC 2 Type 2, so we accommodate that by asking that that go the HECVAT lite route. We're a bit more rigorous than some in that unless we deem the data being stored or transited by the platform to be classified as public, we require the HECVAT ...