FISMA Charisma: Keeping Compliance in Control
The long arm of the Federal Information Security Management Act (FISMA) is reaching into research universities through NIH research contracts. This appeared in 2010 when a key research program had the requirement to be "FISMA compliant." This presentation will describe how CWRU has "NISTified" the entire security program, from the broad enterprise security plan to system-specific controls, without suffering "a death of a thousand paper cuts" characteristic of the majority of government-driven compliance programs. The speakers will define the compliance realm, outline the processes implemented, and describe the spin-off value added through the strategy of building a FISMA-compliant research environment.
* Gain an understanding of the problem of incorporating FISMA requirements through our experiences and lessons learned
* Understand the risks and pitfalls in bending researchers to the will of NIST
* Obtain a framework for decision making to assist your research enterprise in meeting the demands of a FISMA security program
CISO, Case Western Reserve University
Tom Siu, Chief Information Security Officer, Michigan State University