From Preparation to Practice: Using the CIS Critical Security Controls to Implement NIST 800-171 Security Compliance

In our increasingly complex regulatory and threat environment, being able to demonstrate a strong, standards-based security posture is critical. NIST 800-171, "Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations," is emerging as an important resource against which to gauge information security compliance. This workshop will outline how NIST 800-171 figures into the higher education compliance landscape. Learn how to map NIST 800-171 requirements to the CIS Critical Security Controls and benchmark to create an operational plan that demonstrates a strong, compliant security posture.

This workshop will contain a mix of lecture and hands-on activity in small groups. You may wish to bring a laptop computer with you to the session. The hands-on activity will also be demonstrated by the workshop presenter for those participants who may not wish to participate in the hands-on activity.

Outcomes: Understand what controlled unclassified information is and how to protect it * Learn how to map regulatory requirements against a security framework * Practice developing security configuration scripts to demonstrate security compliance