How to apply NIST 800-171 Control 03.01.09 (System Use Notification) to a Globus Mapped Collection
Karl Kornel
Hello!
As we work to implement NIST 800-171 compliance in our genomics compute environment, I am wondering how to apply Control 03.01.09 to our Globus Mapped Collection. I’d like to know if anyone has already thought about how to do this.
To save folks the time of looking it up again, Control 03.01.09, “System Use Notification”, says to “Display a system use notification message with privacy and security notices
consistent with applicable CUI rules before granting access to the system.” The Discussion section of the control has the following paragraph:
System use notifications can be implemented using messages or warning banners. The messages or warning banners are displayed before individuals log in to a system
that processes, stores, or transmits CUI. System use notifications are used for access via logon interfaces with human users and are not required when human interfaces
do not exist. Organizations consider whether a secondary use notification is needed to access applications or other system resources after the initial network logon. Posters or other printed materials may be used in lieu of an automated system message.
My first thought is to set a User Message on the Mapped Collection, with a User Message Link that points to a page with more information. However, the message is displayed after the user has logged in, and the Control’s discussion clearly says to display the message “before individuals log in”. So I decided to ask folks: What are you doing to implement this control with your Globus Mapped Collection?
--
A. Karl Kornel | Info. Sys. Specialist
UIT Research Computing | Stanford University
Patrick Gavin
Patrick Gavin (He/Him) Systems Administrator Central IT Systems & Services Cal Poly Humboldt Email: Patric...@humboldt.edu
This e-mail was written without the assistance of ChatGPT
To unsubscribe from this group and stop receiving emails from it, send an email to discuss+u...@globus.org.