FISMA Charisma: Keeping Compliance in Control

Wednesday, May 07 | 2:30PM–3:30PM | Gateway Ballroom 3
Session Type: Professional Development

The long arm of the Federal Information Security Management Act (FISMA) is reaching into research universities through NIH research contracts. This appeared in 2010 when a key research program had the requirement to be "FISMA compliant." This presentation will describe how CWRU has "NISTified" the entire security program, from the broad enterprise security plan to system-specific controls, without suffering "a death of a thousand paper cuts" characteristic of the majority of government-driven compliance programs. The speakers will define the compliance realm, outline the processes implemented, and describe the spin-off value added through the strategy of building a FISMA-compliant research environment.

Outcomes:
  • Gain an understanding of the problem of incorporating FISMA requirements through our experiences and lessons learned
  • Understand the risks and pitfalls in bending researchers to the will of NIST
  • Obtain a framework for decision making to assist your research enterprise in meeting the demands of a FISMA security program


  • Mark Herron, CISO, Case Western Reserve University
  • Tom Siu, Chief Information Security Officer, Michigan State University