Trusted CI Webinar: NIST 800-171 Compliance Program at University of Connecticut with Jason Pufahl

Pufahl, Jason

Permalink

https://hdl.handle.net/2142/100868 Copy

Description

Title

Trusted CI Webinar: NIST 800-171 Compliance Program at University of Connecticut with Jason Pufahl

Author(s)

Pufahl, Jason

Issue Date

2018-08-27

Keyword(s)

• CCoE
• NSF
• Webinar
• NIST 800-171 Compliance

Abstract

NOTE: Please contact Jason Pufahl directly to request a copy of the spreadsheet discussed in the presentation: jason.pufahl@uconn.edu The Department of Defense established DFARS 252. 204-701 which specifies that any research containing Controlled Unclassified Information (CUI) be protected using NIST 800-171. This presentation will discuss the University of Connecticut's approach to implementing the NIST 800-171 framework, including: Contracting, Faculty Engagement, Infrastructure Implementation, Training and Controls Review. The intention of this presentation is to provide a complete picture of what compliance with the NIST Standard requires. I will endeavor to describe the entire compliance process starting from conceptualization of the technology solution through to the post implementation review. The talk will be designed to appeal to compliance staff, technical staff and project managers and will emphasize elements required to build and sustain the compliance program. I will discuss the technology elements of our solution, generally, but will focus on how the technologies chosen met our goals of managing as many of the compliance requirements centrally as practical while providing a flexible solution. Jason Pufahl is the Chief Information Security Officer for the University of Connecticut. He has 20 years of infrastructure and information security experience and has spent the last 10 years dedicated to information security and privacy. He has responsibility for information security for the institution, encompassing security awareness and training, disaster recovery, risk management, identity management, security policy and regulatory compliance, security analytics, and controls implementation. Jason works closely with both the administrative and academic areas of the University. He is a member of the University’s Data Governance Committee, Joint Audit and Compliance Committee, and Public Safety Advisory Committee. He is also member of the University IRB with a primary focus of improving data privacy and security practices related to institutional research. Jason has a Master’s in Education Technology and has a passion for professional development, security training and awareness. He designed and ran an information security and awareness game called HuskyHunt, founded the Connecticut Higher Education Roundtable on Information Security (CHERIS) to provide a quarterly forum for sharing of best practices in the field of information security targeted at higher education institutions in Connecticut and is active in the security community nationally. He is a frequent conference speaker and is a member of the NERCOMP vendor and licensing committee.

Type of Resource

• text
• image

Language

en

Permalink

http://hdl.handle.net/2142/100868

Sponsor(s)/Grant Number(s)

NSF Grant #1547272

Copyright and License Information

Copyright © 2019 The Trustees of Indiana University. This work is licensed under a Creative Commons Attribution-­NonCommercial 3.0 Unported (CC BY­NC 3.0) license.

Owning Collections