Milestone heron-NIST-800-53-compliance

2 years late (11/19/15 18:00:00)

Due to GPC in Feb 2016 (GPC:ticket:337#comment:6)

The May 19 draft of the GPC data sharing agreement says "Each year, ... Participant will ... review ... security ... consistent with ... the Security Rule and NIST Special Publication 800-53".

In #2779, we learned IR has some experience with it. ticket:2894#comment:2 documents our first meeting with them toward this goal.

October target set in HeronProjectTimeline#August2015Planning.

BA to keep a biweekly meeting rhythm to conclude the project.

  1. Net Sec to look at which controls are inherited from IR's infrastructure.
  2. Net Sec to provide the list of controls.
  3. MI to work through the list of controls to comply.
  4. Final evaluation by Net Sec.
Note: See TracRoadmap for help on using the roadmap.