I'll try to keep this brief. There is no tl;dr version so bear with me.
At the CIO retreat last month, Corey presented on their efforts at the U to create a University baseline of controls and tools that should be in place across all business/academic units. They came up with a list of 36 controls out of CIS and the following toolset:
-
-
-
-
-
-
-
-
*Corey/Dustin can correct me if I have their narrative wrong
With the State and Board of Regents very much aboard the shared services train, the CIOs have tasked us to go through a similar exercise, except for the System. The end output here is to identify a subset of CIS controls (I view this as identifying a small, critical USHE-specific Implementation Group 1) and a set of tools / needs that would be part of the solution in achieving desired security outcomes for those controls. Finally, this leads to Yet Another Funding Request™ to ask for the resources to make these outcomes possible. I have no comment on the efficacy of repeated funding asks; that's not the point here. USHE is clearly a leader in the state for shared or collaborative IT services already, and this is an effort to stay in that leadership position by acting on our own terms instead of standing pat and letting the legislature/state act for/on us.
ACTION ITEMS
What I would ask of each of you is some discussion on the above:
What subset of CIS might we agree on as a USHE IG1? (may or may not be the same 36 the UofU chose for their internal project, and I think fewer is probably better to start with)
What tools (specifically tied back to the controls we identify) might we coordinate and take advantage of shared purchasing and possible management on?
General thoughts and disposition?
I've also attached a simple spreadsheet with the UofU toolset just to get an idea of where we are at system-wide on that toolset. Please fill it out and send it back to me and I'll compile a master list.
Thanks,
Andrew