Mission: All Together

Cybersecurity Shared Services Project

The CHESS Cybersecurity Shared Services Project’s primary focus is to create a unified, consistent baseline of cybersecurity for member colleges to ensure data integrity and security as we move forward with other shared services in the future. The six member colleges, along with the CHESS entity, have agreed to use the National Institute of Standards and Technology (NIST) as the cybersecurity framework to guide the design of the work.

For more information contact:

Mindy Watson, Project Director
info@chess.edu
505-226-1260

Cybersecurity Grant Goals

Create, update Acceptable-Use policies for all 6 member institutions and the CHESS organization.
Create, update (Remote) Access Control and Identity Management policies for all 6 member institutions and the CHESS organization.
Create, update Incident Response policies for all 6 member institutions and the CHESS organization.
Create, update Vendor (Risk) Management policies for all 6 member institutions and the CHESS organization.

Identify and remediate identified system weaknesses through Penetration Testing for all member entities.
Identify and remediate incident response weaknesses and vulnerabilities through Table-Top exercises for all member entities.
Develop routinization of continued vulnerability testing to identify and mitigate future network security vulnerabilities.
Demonstrate end-user knowledge of their role in preventing network penetration through Campus Awareness Training for all member entities.

Establish immutable storage for CCC, LCC, and NNMC.
Identify and remediate any deficiencies in GLBA Compliance for CCC, LCC, SFCC, and SJC.
Identify and remediate any PCI tested deficiencies for LCC, NNMC, and SFCC.
Identify, purchase, and install Endpoint Protection and threat response for SFCC.

5-Year Project Outcomes:

Ensure network security and stability of CHESS shared services and technologies.
Establish network security shared services through CHESS to support member colleges to reduce institution-level fiscal impact.
Provide cybersecurity program management shared services to provide knowledge resources and cybersecurity personnel stability for member institutions.

This project is being funded by the US Department of Education.