From Preparation to Practice: Using the CIS Critical Security Controls to Implement NIST 800-171 Security Compliance

Tuesday, April 10 | 1:00PM–4:30PM ET | Maryland Ballroom F, Fifth Floor
Session Type: Additional Fee Program
Delivery Format: Preconference Workshop
In our increasingly complex regulatory and threat environment, being able to demonstrate a strong, standards-based security posture is critical. NIST 800-171, "Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations," is emerging as an important resource against which to gauge information security compliance. This workshop will outline how NIST 800-171 figures into the higher education compliance landscape. Learn how to map NIST 800-171 requirements to the CIS Critical Security Controls and benchmark to create an operational plan that demonstrates a strong, compliant security posture.

This workshop will contain a mix of lecture and hands-on activity in small groups. You may wish to bring a laptop computer with you to the session. The hands-on activity will also be demonstrated by the workshop presenter for those participants who may not wish to participate in the hands-on activity.

Outcomes: Understand what controlled unclassified information is and how to protect it * Learn how to map regulatory requirements against a security framework * Practice developing security configuration scripts to demonstrate security compliance


  • Randy Marchany

    University IT Security Officer, Virginia Tech

Resources & Downloads

  • From Preparation to Practice presentation slides

    2 MB, pdf - Updated on 4/6/2018
  • 800 171 Table 3 to 20Crits CSG 70

    20 KB, xlsx - Updated on 4/4/2018