About RRCoP Community
NSF # 2201028 & 240985, Interagency Agreement #A2407-049-089-064206.0
Embedded Files
[NEW] October 2025 Edition of Ask the Assessor: Specialized and Lab Equipment
December 2021 - August 2025
The Regulated Research Community of Practice was created from the NSF project #2409859 "CICI: UCSS: Building a Community of Practice for Supporting Regulated Research". It was an active NSF project from December 2021 - August 2025 under # 2201028 and #2409859.
This project worked towards these primary objectives:
Build a Community - The Regulated Research Community of Practice (RRCoP) builds a network of people able to help each other in implementing an affordable but effective cybersecurity and compliance program at academic institutions.
Resources Developed: Participation, HigherEdCUI Slack, Regulated Workshop Series, and Subscribe, Regulated Research Benchmark Study, Collaborating Communities, Partnerships
Build Resources - Establish a leadership training and development program accelerating availability of distributed university resources.
Resources: Higher Education specific Resources, Related Presentations, Tools and Templates, Purdue's End to End CUI Workflow and Deliverables #NSF 1840043
Advocate and Negotiate - Develop representation through strategic partnerships with industry and government entities.
Resources: Advocating and Influencing, Federal Sponsored Resources
Manage Change - The Department of Defense modified the DFARS clause to mandate that NIST 800-171 be followed for data classified and marked as CUI in 2017. The next evolution of this program, CMMC, has already undergone significant changes now called CMMC 2.0. Other agencies, for example, Department of Education, have indicated that they are considering following a similar path to safeguard data.
Resource: Effective Cybersecurity for Researchers
Simplify Compliance - A collective and streamline approach to compliance lowers the barrier to entrance for expansion of supported regulations by individual institutions.
Resource: Compliance Frameworks,
October 2024 - September 2029
October 2024 - September 2029 Brought RRCoP closer to Trusted CI as a formal partner.
The objectives for this five years includes:
Foster an Assessment-Ready Community
Adapt to evolving learning needs gathered through feedback
Generate resources such as training, workshops, and webinars
Assess and measure institution compliance maturity
Build Alignment, Awareness and Advocacy
Craft and nurture strategic relationships with aligned communities
Develop awareness materials to support institutional compliance
Deliver expert guidance to external advocacy partners
Cultivate RRCoP Advancement
Expand and support growth to new communities
Enhance community sustainability
Leverage partner expertise
Mission of the project
The daily news clearly shows the increasing threat to safety and privacy of data, personal as well as intellectual property. While the requirements such as DFARS 7012, HIPAA, and Cybersecurity Maturity Model Certification (CMMC) improve the consistency of data handling between agencies and contractors and grantees, it leaves academic institutions to figure out how to meet such requirements in a cost-effective way that fits the research and education mission of the institution. Most institutions, agencies, and companies act in isolation with one-off contract language to address data security and safeguarding concerns. Even though cybersecurity has a clear and uniform goal of protecting data, a onesize solution does not fit all academic institutions.
By supporting this community with development of a community strategic roadmap, regular discussions and workshops, and a repository of generalized and specific resources for handling regulated research programs RRCoP lowers the barrier to entry for institutions handling new regulations.
In October of 2024, RRCoP joined Trusted CI: NSF Cybersecurity Center of Excellence www.trustedci.org that is supported by the National Science Foundation under Interagency Agreement #A2407-049-089-064206.0. Trusted CI empowers trustworthy discovery and innovation funded by NSF by partnering with research cyberinfrastructure (CI) operators to build and maintain effective cybersecurity programs that secure the progress of NSF-funded research. The center started in 2012 and consists of a multi-institutional, cross-functional team that addresses the complex challenges facing NSF’s cyberinfrastructure research ecosystem.
For the project period, October 2024 - September 2029, RRCoP will fulfill Trusted Ci's new expanded services now supporting regulated research.
December 2021 - December 2024 Project Deliverables
RRCoP deliverables include:
Monthly meeting cadence with rotating topics and activities including: All Hands Meetings, Established and Emerging Institutional Showcases, Researcher Focus, Training, Webinars, Assessment and Planning, and Strategic Partnerships [View Webinars]
Three full or six half-day workshops & training events
May 2023 - Full Day Advanced System Security Plan Workshop Created Output: Community-created SSP,
May 2024 - Full Day "A Day with CMMC Assessors" Output created: Workshop Report
October 2024 Half Day "Regulatory Compliance for Research: DFARS, CMMC, HIPAA, GDPR, NSPM-33"
October 2024 Half Day "Why Strong Data Protection Programs Are Vital for Higher Education Research"
coming soon - May 2025 - Full Day - Avoiding Shelfware: Building Sustainable Research Compliance Documentation
Repository of generalized and specific resources (templates, standards, best practices)
Central hub for communication within CoP and with the Partners HigherEdCUI Slack community
Community strategic roadmap (current and future needs)
Page updated
Google Sites
Report abuse