Profile

CommunityPlatform_1350x900.jpg

Laura Raderman

Edit My Profile

My Content

1 to 8 of 8 total

RE: Export Control

Posted By Laura Raderman 02-28-2023 07:58:00 AM
Found In Egroup: NIST 800-171 Compliance \ view thread
Export Control is technically a type of CUI (specified) under NARA's registry: https://www.archives.gov/cui/registry/category-detail/export-control.html and https://www.archives.gov/cui/registry/category-detail/export-controlled-research It has limited distribution statements in addition to the 800-171 ...

RE: Gramm-Leach Bliley Act (GLBA) Safeguards Rule Compliance Status

Posted By Laura Raderman 12-09-2022 05:54:40 AM
Found In Egroup: Cybersecurity \ view thread
Surprisingly for us the hardest issue has been the MFA requirement for "any individual" accessing in-scope systems (314.4(c)(5)) - in our case that includes parents and admitted (but not matriculated) students - using Cirrus Identity, and reducing the number of "connected systems" that are in scope. ...

RE: December meeting poll

Posted By Laura Raderman 12-02-2022 06:30:00 AM
Found In Egroup: NIST 800-171 Compliance \ view thread
I'm on PTO that week, but I don't have any plans yet, so I could probably join ------------------------------ Laura Raderman Policy and Compliance Coordinator Carnegie Mellon University ------------------------------

RE: PrivacyHawk App - data deletion request

Posted By Laura Raderman 08-26-2022 02:01:05 PM
Found In Egroup: Cybersecurity \ view thread
1. We have only gotten 2 PrivacyHawk requests, but I get about 8-9 Mine requests every week, and we've also gotten a request from Privacy Bee 2. I'm handing these as the primary access to our privacy/request email (gdpr-info@andrew.cmu.edu) 3. For PrivacyHawk, which asked us to not sell data, we responded ...

Interested in Training and Compliance?

Posted By Laura Raderman 06-23-2022 12:17:00 PM
Found In Egroup: Cybersecurity \ view thread
Come work for me at Carnegie Mellon University! Our training and awareness position is in our "GRC" organization (aka me) as much of the training we provide is compliance focused. However, our previous incumbent participated in National CyberSecurity Awareness Month, and created some great and fun training ...

RE: May Meeting Followup

Posted By Laura Raderman 06-07-2022 07:58:00 AM
Found In Egroup: NIST 800-171 Compliance \ view thread
Count me in, I've already done a lot of work at CMU for our requirements (includes private Data Use agreements, so not really shareable without some massaging. ------------------------------ Laura Raderman Policy and Compliance Coordinator Carnegie Mellon University -------------------------- ...

RE: Good afternoon, Just joined....

Posted By Laura Raderman 06-07-2022 07:56:00 AM
Found In Egroup: NIST 800-171 Compliance \ view thread
800-171 is a subset of 800-53 Moderate (the appendixes of 800-171 show the exact mapping). The appendix also describes how they determined which 800-53 controls to include (or exclude). ------------------------------ Laura Raderman Policy and Compliance Coordinator Carnegie Mellon University ...

RE: Compliant Communication Platforms (VOIP, Zoom, Teams..)

Posted By Laura Raderman 04-12-2022 07:09:00 AM
Found In Egroup: NIST 800-171 Compliance \ view thread
MS Teams in the GCC High environment claims compliance (FedRAMP High), so there is that. There's still some disagreement on whether FedRAMP is sufficient for CMMC. ------------------------------ Laura Raderman Policy and Compliance Coordinator Carnegie Mellon University ---------------------- ...