2025 Summary

We wanted to take a moment to reflect on RRCoP’s 2025, the final year of NSF Award #2409859. This year marked an important transition as the award concluded and RRCoP continued forward as a sustained national community. The work carried on not because of a grant cycle, but because institutions across the country rely on shared interpretations, coordination, and collective experience to navigate regulated research. Support from partners such as Trusted CI strengthens this work and helps ensure it remains accessible to the broader landscape. RRCoP’s identity is now clearer: we serve as a national umbrella community connecting the people, practices, and challenges that shape this space. Thank you for being part of that work as we define what comes next, together.

Brief Stats

• ~375 institutions from every state and 8 countries

• 1500+ people in the HigherEdCUI Slack community

• 30 presentations that delivered 5200 hours of attendance in 2025, with 20,165 hours of consumed presentation content since the beginning of the award in December 2021

Monthly Webinars

RRCoP has continued hosting monthly webinars featuring experts across regulated research topics. Each session provided valuable insights and practical guidance, if you missed any, here’s the 2025 list with links to their recording.

1. Perspective on Sponsorship and Governance: Panel Discussion – January

2. Tackling NIST 800-171 HPC Challenges: Insight and Lessons Learned – February

3. Flipping the Script on CMMC with AFRL Digital Research Ecosystem – March

4. Research Security Offices: Structure, Organization and Operation – April

5. What's In or Out? Compliance Check In – May

6. NC State’s Journey to CMMC Level 2 Compliance – June

7. Sustainable Documentation - Workshop Debrief – July

8. Bridging the Gap: Developing a Regulated Research Implementation Guide – August

9. Transforming Endpoints into Beginning Points – September

10. Achieving SOC 2 Compliance – October

11. Cracking into Culture: Infusing Cybersecurity into the Culture of our Research Enterprise at GTRI – November

12. Ask the Assessor LIVE + RRCoP Resource Roundup – December

13. Bonus: EDUCAUSE CG RISC hosted Rob Groome, Chief Information Officer at USC Institute for Creative Technologies (ICT), on Dec. 16th to share ICT's journey to CMMC Compliance. It is a must watch.

Ask The Assessor

RRCoP’s workshops continue to provide practice-focused settings where institutions refine strategies, test documentation approaches, and share implementation experience across complex requirements. 

1. Managing Multiple Data Types in Single Enclave - February

2. Navigating Policy Hierarchies in Support of Compliance - April

3. Security Protection Assets - June

4. Navigating Software Security in Research - August

5. Managing Lab and Specialized Equipment - October

6. Determining Readiness for an Assessment (formal answer forthcoming) – December

Workshops

RRCoP’s workshops continue to serve as deeper-dive, practice-focused sessions where institutions can test assumptions, compare documentation strategies, and surface implementation challenges.

• Avoiding ‘Shelfware:’ Building Sustainable Research Compliance Documentation as a full-day workshop delivered at EDUCAUSE Cybersecurity Privacy Professionals Conference in May. This workshop also produced a Workshop Report by a team of volunteers. [Summary Webpage]

• Regulatory Compliance for Research as a half-day workshop delivered at NSF Cybersecurity Summit in October

Advocacy

RRCoP connects institutional expertise with organizations shaping federal policy. In 2025, the community contributed to:

• EDUCAUSE / ACE / AAU / APLU / COGR FAR Case 2017-016, “Federal Acquisition Regulation: Controlled Unclassified Information” (Proposed Rule) | March 19, 2025

Broader Community Alignment

• RRCoP expanded coordination mechanisms across the larger regulated research ecosystem.

• Research on Research Security (RoRS) Cybersecurity Readiness for NSPM-33 NSF award # 2537044 focuses on how institutions are meeting NSPM-33’s cybersecurity expectations. The work stays aligned with the broader landscape through tight coordination with the SECURE Center and Trusted CI. 

  • Created a meta-community of updates for monthly community round-up information

  • Developed a broad ecosystem calendar-of-calendars spanning Research Security, Cybersecurity, Research Computing, and Cyberinfrastructure

• EDUCAUSE's Spring 2025 Regulatory Agenda Highlights

• EDUCAUSE's DFARS Changes to Integrate CMMC Requirements Effective November 10

• CASC's NIST SP 800-171 – Guidance for Research Computing and Data Centers

Thank you again for the support and continued collaboration. There’s still much to come, and more eyes than ever before are on our work.

Carolyn Ellis, RRCoP Lead

Erik Deumens, RRCoP Co-Lead

Laura Raderman, RRCoP Co-Lead

email: info@regulatedresearch.org