Academic Information System (SIA) Universitas Terbuka (UT) is a system that supports student registration processes in which there are many data information contain student's personal data and courses grade. Today, hacking methods are becoming more sophisticated. Securing data is a priority that requires organizations to take more proactive protection measures. In the education sector, the threat of violations regarding data security more than doubled by 103%. Therefore, it is necessary to evaluate data security to protect SIA UT using Carnegie Mellon University's Data Protection Assessment Guidelines. The results are 52.38% of 84 required controls, 21.43% of 14 recommended controls, and 0% of 1 control optional rating has been done. The rest of controls that has not been done yet will become challenge for developing and implementing a Data Protection controls in UT.