ANALYSIS AND EVALUATION OF ACADEMIC INFORMATION SYSTEM SECURITY USING NIST SP 800-26 FRAMEWORK

Abstract
As information technology develops rapidly, competition between educational institutions is growing stronger. An institution that cannot keep up with the pace of information technology is certain to be left far behind in every respect. However, this development also requires careful attention to the security of the information systems the institution owns. An analysis and evaluation of the information system in use is therefore needed to identify its security posture. If this analysis and evaluation is not carried out, security problems will arise, such as data that is vulnerable to being damaged or lost and so becomes invalid. If the data is not valid, the information generated from it will not be reliable either. Information system security can be evaluated using a framework. The NIST framework can be used to evaluate and identify security and risks in information systems. The evaluation was carried out by distributing questionnaires to the academic community in accordance with the NIST SP 800-26 framework, and the resulting data was processed to obtain the final result. The academic information system security evaluation produced an overall final score of 91.6%. This total is calculated from the 3 components of the criteria tested, namely management control, operational control, and technical control. Within the 3 assessment criteria there are 17 sub-criteria. Based on this data, the security of the academic information system at AMIK Tunas Bangsa falls into the level 2 category, namely Documented Procedures.