Access Controlhttps://library.educause.edu/topics/cybersecurity/access-controlen{611457BC-A06A-4447-974E-2714FF000FD8}https://library.educause.edu/resources/2022/9/nist-sp-800-171-toolkitNIST SP 800-171 ToolkitIn this toolkit, you will find an overview of NIST SP 800-171 and its implications for higher education, questions to ask during project planning, 7 Things You Should Know About CMMC to use when speaking with stakeholders and leadership, and a customizable control evaluation.Wed, 14 Sep 2022 16:00:01 Z{D6D42435-05DE-4EEB-A49F-FA4CC52A6358}https://library.educause.edu/resources/2016/9/nist-sp-800-171-compliance-templateNIST SP 800-171 Compliance TemplateHigher education institutions continue to refine their understanding of the impact of NIST Special Publication 800-171 on their IT systems and the data they receive from the federal government. This compliance template will help institutions map the NIST SP 800-171 requirements to other common security standards used in higher education, and provides suggested responses to controls listed in NIST SP 800-171.Fri, 30 Sep 2016 16:20:41 Z{A572973B-FEFF-4F02-9A4D-C6AA3106D969}https://library.educause.edu/resources/2021/7/higher-education-regulated-research-workshop-series-a-collective-perspectiveHigher Education Regulated Research Workshop Series: A Collective PerspectiveAfter an eight month effort concluding in June of 2021, 155 participants from 84 research institutions from across the United States gathered in six facilitated, NSF-sponsored workshop sessions to determine if coming together as a community could improve the support of individual programs to secure regulated data in research involving the Department of Defense or health sciences. Mon, 12 Jul 2021 19:03:31 Z{76112D0C-C230-4FE7-A5AA-0F3B5DF3D870}https://library.educause.edu/resources/2020/8/higher-education-research-cybersecurity-and-cmmc-complianceHigher Education Research, Cybersecurity, and CMMC ComplianceThis brief, a joint effort on the part of EDUCAUSE and PreVeil, was written to clarify the Department of Defense’s (DoD) new Cybersecurity Maturity Model Certification (CMMC) framework and to guide your institution on its journey to CMMC compliance.Fri, 07 Aug 2020 16:03:53 Z{B2AA0211-406B-4CBE-BE6E-B9784F37E1CC}https://library.educause.edu/resources/2019/8/educause-comments-draft-cui-guidelines-for-critical-programs-and-high-value-assetsEDUCAUSE Comments: Draft CUI Guidelines for “Critical Programs” and “High Value Assets”On August 2, 2019, EDUCAUSE joined the Council on Governmental Relations (COGR), the Association of American Universities (AAU), the Association of Public and Land-grant Universities (APLU), and the American Council on Education (ACE) in submitting comments to the National Institute of Standards and Technology (NIST) regarding its draft Special Publication 800-171B (NIST SP 800-171B).Tue, 06 Aug 2019 20:22:18 Z{BCDFAE04-6B3D-4F88-B322-8348617E5DFD}https://library.educause.edu/resources/2019/1/two-factor-authentication-lessons-learnedTwo-Factor Authentication: Lessons LearnedTwo-factor authentication provides a straightforward way to increase the security of online systems and resources, and implementing the technology requires cultural as well as technical change.Tue, 22 Jan 2019 17:54:38 Z{B15EAC6C-7910-4D55-B88A-3A69E43A91AD}https://library.educause.edu/resources/2019/1/7-things-you-should-know-about-federated-identity7 Things You Should Know About Federated IdentityFederation is a service provided by a third party that enables participating organizations to leverage home organizations' digital identities to access partner resources by implementing a common standard for technical interoperationWed, 16 Jan 2019 16:03:39 Z{7EBE5F17-A026-409C-B1D3-90B0FFC21F34}https://library.educause.edu/resources/2015/11/information-security-program-assessment-toolInformation Security Program Assessment ToolThis self-assessment tool was created to evaluate the maturity of higher education information security programs using as a framework the International Organization for Standardization (ISO) 27002:2013 "Information Technology Security Techniques.Tue, 22 Dec 2015 17:38:04 Z{E149784F-DFFA-49D2-902D-DBC8E236F28A}https://library.educause.edu/resources/2017/8/trend-watch-2017-which-it-trends-is-higher-education-responding-toTrend Watch 2017: Which IT Trends Is Higher Education Responding To?EDUCAUSE is in its third year of identifying the influence of major trends on the IT strategy of colleges and universities. This year’s list included 36 trends in the management and delivery of IT services, personal devices and personalized environments, data and analytics, teaching and learning, security and risk, and the Internet of ThingsWed, 23 Aug 2017 20:30:10 Z{5E3C95B8-38B4-4718-9955-1EDC7F54A54F}https://library.educause.edu/resources/2017/3/digital-privacy-at-the-us-border-protecting-the-data-on-your-devices-and-in-the-cloudDigital Privacy at the U.S. Border: Protecting the Data On Your Devices and In the CloudThe U.S. government reported a five-fold increase in the number of electronic media searches at the border in a single year, from 4,764 in 2015 to 23,877 in 2016.1 Every one of those searches was a potential privacy violation. Fri, 10 Mar 2017 17:07:11 Z{6F633007-1E70-42EA-96D1-8F6EEAB2239E}https://library.educause.edu/resources/2010/2/information-access-protection-standardInformation Access & Protection StandardThis standard provides requirements for handling sensitive information that create a balance between accessibility and protection and ensure that information is not improperly changed, inadvertently or by design.Tue, 22 Dec 2015 17:25:17 Z{36C0F420-252C-41F2-8580-476318F5653E}https://library.educause.edu/resources/2016/9/nist-sp-800-171-and-cui-with-ron-ross-webinarNIST SP 800-171 and CUI with Ron Ross WebinarOn September 29, 2016, the EDUCAUSE Cybersecurity Initiative presented a virtual “coffee chat” with Ron Ross (Fellow, National Institute of Standards and Technology) so the higher education community could learn more about NIST Special Publication 800-171, Controlled Unclassified Information (CUI), and how this will impact institutions. Fri, 30 Sep 2016 16:47:41 Z{3BFFB8D2-1B09-4FC9-B580-20D0C0A3A360}https://library.educause.edu/resources/2016/6/public-key-infrastructure-technology-spotlightPublic Key Infrastructure: Technology SpotlightPublic key infrastructure (PKI) certificates form the backbone of most if not all Internet security authentication for sites and services and encrypted network transport today. Higher education is heavily invested in the technology used to create and manage these certificates. PKI supports secure data exchange and authentication over the Internet via the distribution and identification of public encryption keys.Tue, 07 Jun 2016 21:37:02 Z{746B8D17-E87F-496E-98E2-A8922E9D6883}https://library.educause.edu/resources/2016/5/7-things-you-should-know-about-remote-proctoring7 Things You Should Know About Remote ProctoringRemote proctoring allows students to take an assessment at a remote location while ensuring the integrity of the exam.Wed, 25 May 2016 15:26:30 Z{2E84777D-7804-4591-BEB5-6346F30A66EE}https://library.educause.edu/resources/2016/5/openpgp-technology-spotlightOpenPGP: Technology SpotlightOpenPGP is a nonproprietary encryption suite that uses public key encryption to exchange e-mail messages and files (either e-mail attachments or files that might be exchanged via other means, e.g., web-based transfers) between individuals within and across institutions. OpenPGP can also secure files stored on mobile devices or in the cloud. Wed, 04 May 2016 21:56:34 Z{908CE2F5-92D6-4ABD-99C0-FD1EE44CD8B1}https://library.educause.edu/resources/2016/4/an-introduction-to-nist-special-publication-800-171-for-higher-education-institutionsAn Introduction to NIST Special Publication 800-171 for Higher Education InstitutionsThis introduction to NIST 800-171 provides a brief overview of the special publication, how Controlled Unclassified Information (CUI) is defined, common types of data in higher education that “may” be called CUI, and what intuitional information should be “out of scope.” To illustrate how institutions are currently responding to NIST 800-171, three brief case studies are provided by the University of Notre Dame, the University of Pittsburgh, and North Carolina State University.Mon, 18 Apr 2016 15:39:58 Z{A07027DC-F120-4943-8161-5C71C4FBAC85}https://library.educause.edu/resources/2015/4/openid-connect-ecarwg-technology-spotlightOpenID Connect: ECAR-WG Technology SpotlightThis bulletin is one of a series of papers from ECAR working groups designed to help institutional leaders learn about and understand the implications of emerging technologies in higher education.Tue, 22 Dec 2015 17:38:07 Z{50B38DF8-60B6-4487-A5AA-D3C57F7B778C}https://library.educause.edu/resources/2015/2/oauth-ecarwg-technology-spotlightOAuth: ECAR-WG Technology SpotlightThis bulletin is one of a series of papers from ECAR working groups designed to help institutional leaders learn about and understand the implications of emerging technologies in higher education.Tue, 22 Dec 2015 17:38:07 Z{466AC079-97F6-4330-9FDF-9DB81C7F3C73}https://library.educause.edu/resources/2014/9/adapting-the-established-sis-to-meet-higher-educations-increasingly-dynamic-needsAdapting the Established SIS to Meet Higher Education's Increasingly Dynamic NeedsThis Spotlight focuses on data from the 2013 Core Data Service to better understand how higher education institutions approach student information systems (SISs).Tue, 22 Dec 2015 17:36:21 Z{D07B11B7-DAF9-411E-84D5-8F392EA76D36}https://library.educause.edu/resources/2017/10/new-federal-data-protection-requirements-impact-higher-education-institutionsNew Federal Data Protection Requirements Impact Higher Education InstitutionsIn July 2017, Deloitte and EDUCAUSE convened an expert panel to discuss the implications for higher education institutions in protecting controlled unclassified information (CUI) received from the federal government in institutional information technology systems. Tue, 17 Oct 2017 16:18:11 Z