Regulated Research Community of Practice (RRCoP)

NSF # 2201028 

Who is RRCoP?

We are research institutions that support research subject to compliance regulations, working together to grow the knowledge pool and produce efficiencies. 

Watch the four minute introduction     [RRCoP Introduction]

Our project deliverables include:

This map represents the involved institutions with RRCoP. We have +275 Institutions. See our partners, stakeholders, and the meaning of the different icons on this map.


Following our Advanced System Security Plan Workshop, the community produced a partially completed SSP built from a new system diagram and 42 controls designed to be a reference when working on your own SSP. [Learn More & Download]

Upcoming Events

Recent Events

In these two videos, check out what the experience was from different institutions who did recent C3PAO CMMC Gap Assessments

Community Objectives and Supporting Resources

Build a Community

The Regulated Research Community of Practice (RRCoP) builds a network of people able to help each other in implementing an affordable but effective cybersecurity and compliance program at academic institutions. 

Resources: Participation, HigherEdCUI Slack, Regulated Workshop Series, and Subscribe, Regulated Research Benchmark Study, Collaborating Communities

Collect and Share Resources

Establish a leadership training and development program accelerating availability of distributed university resources. 

Resources:  Higher Education specific Resources, Related Presentations, Tools and Templates, Purdue's End to End CUI Workflow and Deliverables #NSF 1840043

Advocate and Negotiate

Develop representation through strategic partnerships with industry and government entities.

Resources: Advocating and Influencing, Federal Sponsored Resources

Manage Change

The Department of Defense modified the DFARS clause to mandate that NIST 800-171 be followed for data classified and marked as CUI in 2017. The next evolution of this program, CMMC, has already undergone significant changes now called CMMC 2.0. Other agencies, for example, Department of Education, have indicated that they are considering following a similar path to safeguard data. 

Resource: Effective Cybersecurity for Researchers

Simplify Compliance

A collective and streamline approach to compliance lowers the barrier to entrance for expansion of supported regulations by individual institutions.

Resource: Compliance Frameworks


This project is lead by Carolyn Ellis & Erik Deumens 

Contact for more information on the project