Documentation
HECVAT Full v3.0.6
Documentation
DOCU-05

Question DOCU-05

Can the systems that hold the institution's data be compliant with NIST SP 800-171 and/or CMMC Level 2 standards?

Weight20
High RiskNo
RequiredYes
Compliant AnswerYes

Standard Guidance

EDUCAUSE provides no guidance here

Answering "NO"

Describe any plans to provide NIST SP 800-171 or CMMC Level 2 services.

Answering "YES"

if you have a third-party hosting provider, please provide how you comply with 800-171 where your third party uses a shared responsibility mode.

Reason for Question

For institutions that collaborate with the United States government, FISMA compliance may be required.

Follow-Up Inquiries

Follow-up inquiries for FISMA compliance will be institution/implementation specific.

HECVAT Pro Advice

[Add expert insights and best practices]

Implementation Tips

[Add practical steps for SME SaaS vendors]

FAQ

[Add common questions related to this HECVAT item]

Resources

[Add links to relevant articles or tools]

DOCU-04DOCU-06