Abstract
The Higher Education Information Security Council (HEISC), hosted by EDUCAUSE and Internet2, is pleased to submit comments to the NIST Request For Information on Developing a Framework to Improve Critical Infrastructure Cybersecurity. Although colleges and universities are not identified as a critical infrastructure in current government policy, we are owners and operators of some of the largest and most powerful computer systems in the world and our interdependencies with both the government and private sector make institutions of higher education an important player in the overall cyber ecosystem.
The comments pull from open meetings held by HEISC with the higher education community to develop responses to as many of the questions as possible. The RFI questions focus on three areas: Current Risk Management Practices; Use of Frameworks, Standards, Guidelines, and Best Practices; and Specific Industry Practices.