Unit Security Services
| Categories | Tasks | Shared Responsibilities Effort | ||||
| CoE Data Security Analyst | IT / Unit Staff | Researchers / Faculty | ||||
| NGFW | Rule Change | Implement/Request Change/Coordinate with NSO | Request | None | ||
| Troubleshoot | Primary | Request | None | |||
| GlobalProtect VPN | Consult/Participate | Request and Participate | None | |||
| Crowdstrike Falcon | Workflow Automation | Primary | Request | None | ||
| Deployment/Tag Scripting | Consult/Participate | Request and Participate | None | |||
| Detection Investigation | Consult/Participate | Primary | None | |||
| Vulnerability Management | On Demand Scans | Primary | Not Defined Yet | None | ||
| Schedule Tenable Scans | Primary | Not Defined Yet | None | |||
| Vulnerability Reports | Consult | Primary | Primary Self-Managed | |||
| Remediation | Consult | Primary | Primary Self-Managed | |||
| Serious IT Security Incident | Coordinate | Primary/Consult | Request and Participate | Participate with Local IT | ||
| Remediation | Consult | Request and Participate | Participate with Local IT | |||
| Risk Assessments | Self-Accessment | Primary/Consult | Primary | Participate with Local IT | ||
| CoE Risk Assessment | Primary | Participate | Participate with Local IT | |||
| IA Risk Assessment | Primary/Consult | Primary | Participate with Local IT | |||
| RTP | Consult | Primary | Participate with Local IT | |||
| General Security Services | Privacy | Consult | Request and Participate | Participate with Local IT | ||
| Organizational System Security Plans | Consult | Request and Participate | Participate with Local IT | |||
| Disaster Recover | Consult | Request and Participate | Participate with Local IT | |||
| Security Questions | Consult | Request and Participate | Participate with Local IT | |||
| IA SOC Coordination | Consult | Request and Participate | Participate with Local IT | |||
| Security Awareness | CAEN InfoSec Website | Primary | Reference as needed | None | ||
| BiAnnual Security Meetings | Primary | Attend | None | |||
| Security Topic Presentation to Staff Faculty and Researchers | Primary | Request and Participate | None | |||
| Network Security | Managed Router/AP | Consult/Participate | Request and Participate | None | ||
Research Security Services
| Categories | Tasks | Shared Responsibilities Effort | ||||
| MichEngin DSA | IT Staff | Researchers | ||||
| PCI | Security Architect (ITS) | NA | NA | NA | ||
| Treasurer's Office | Consultant | Primary | NA | |||
| Risk Assessment | Consultant | Participate | NA | |||
| RTP | Consultant | Primary | NA | |||
| FISMA | SSP Discovery | Primary | Participant | Participant | ||
| Security Architect | Consultant | Primary | Participant | |||
| SSP Creation | Primary | Participant | Participant | |||
| SSP Implementation | Consultant | Primary | Participate | |||
| SSP Submission | Primary | Participant | Participant | |||
| RISK Assessment | IA Coordination / Participant | Primary | Participant | |||
| RTP | Consultant | Primary | Participant | |||
| CUI | SSP Discovery | Primary | Participant | Participant | ||
| Security Architect | Consultant | Primary | Participant | |||
| SSP Creation | Primary | Participant | Participant | |||
| SSP / ARC Implementation | Consultant | Support ARC and Researchers | Participant | |||
| SSP Submission | Primary | Participant | Participant | |||
| RISK Assessment | IA Coordination / Participatant | Primary | Participant | |||
| Export Control | TCP Discovery | Consultant | Primary | Participant | ||
| Security Architect | Consultant | Primary | Participant | |||
| TCP Creation | Consultant | Primary | Participant | |||
| TCP Implementation | Consultant | Primary | Participant | |||
| TCP Submission | Consultant | Participant | Primary | |||
| RISK Assessment | IA Coordination / Participatant | Primary | Participant | |||
| FAR 52.204-21 | SSP Discovery | Primary | Participant | Participant | ||
| Security Architect | Consultant | Primary | Participant | |||
| SSP Creation | Consultant | Primary | Participant | |||
| SSP implementation | Consultant | Primary | Participant | |||
| SSP Submission | Consultant | Participant | Primary | |||
| RISK Assessment | IA Coordination / Participatant | Primary | Participant | |||
| HIPPA | SSP Discovery | Primary | Participant | Participant | ||
| Security Architect | Consultant | Primary | Participant | |||
| RISK Assessment | IA Coordination / Participatant | Primary | Participant | |||
| Michigan Medicine Corporate Compliance approval | Primary | Participant | Participant | |||
| 3rd Party Vendor Security and Compliance | SSP Discovery | Primary | Participant | Participant | ||
| Security Architect | Consultant | Primary | Participant | |||
| PSSP Creation | Consultant | Primary | Participant | |||
| 3rd Party Information Security Requirements (TPISR) (e.g., GM) | SSP Discovery | Primary | Participant | Participant | ||
| Security Architect | Consultant | Primary | Participant | |||
| PSSP Creation | Primary | Participant | Participant | |||