The document summarizes key points from a COGR (Council on Governmental Relations) meeting held in Washington, DC, focusing on the management, compliance, and costs associated with implementing NIST SP 800-171 standards at the University of Central Florida (UCF). It presents an overview of UCF's project portfolio related to these cybersecurity controls, noting significant growth between 2016 and 2017 both in the number of NIST 800-171 projects and the value of awards, as well as comparisons with similar projects involving export control requirements from agencies such as NASA and the Department of Defense. The document highlights pending proposals, demonstrating a trend toward increasing compliance requirements and associated budgets.
Additionally, the summary provides detailed insights into the administrative and financial burdens imposed by NIST 800-171 compliance at UCF. It quantifies the personnel required—including system administrators, IT security analysts, and export control staff—and calculates recurring costs for salaries. It further details infrastructure and maintenance expenditures, covering non-recurring consulting and hardware investments as well as ongoing maintenance and support, culminating in total annual implementation costs exceeding $1.4 million in FY 2018 and over $1.1 million in FY 2019. The data collectively underscore the significant operational and financial demands placed on research institutions to meet evolving federal cybersecurity standards.
