Regulated Research Community of Practice (RRCoP)
NSF # 2201028
Who is RRCoP?
**NEW** REFERENCE DOWNLOAD
Following our Advanced System Security Plan Workshop, the community produced a partially completed SSP built from a new system diagram and 42 controls designed to be a reference when working on your own SSP. [Learn More & Download]
October 11, 2023 11 am PT / 2 pm ET CMMC Gap Analysis Lessons Learned Barbara Schnell and Silas Korb, University of Colorado, Boulder, will share the lessons learned from their recent C3PAO gap assessment of their enclave. [Join]
November 8, 2023 11am PT / 2 pm ET Cyber-AB Learning Assessment UC San Diego will present on their Mock Assessment handled with the lead assessor also being Cyber-AB's curriculum manager. The primary goal was to address how Research Institutions are different from the standard assessment.
September 13, 2023 Facilitating Research: intersections with Security at UCSD [Meeting Recording]
August 9, 2023 Climbing the NISTy Mountains: A travelers guide [Meeting Recording]
July 12, 2023 Department of the Navy Blue Cyber Education Series for Small Business and Academic /Research Institutions [Meeting Recording]
June 14, 2023 NIST SP 800-171 R3 [Meeting Recording]
May 10, 2023 SSP Workshop Debrief [Meeting Recording]
April 12, 2023 Panel on GRC Tools [Meeting Recording]
March 8, 2023 Sustainable SSP? Automate Your CMMC Efforts with ChatGPT [Meeting Recording]
February 2023 The Path to CMMC Assessment [Meeting Recording]
January 2023 Updates from RRCoP Year One & NIST guidance document for implementing controls on HPC systems [Meeting Recording]
Community Objectives and Supporting Resources
Build a Community
The Regulated Research Community of Practice (RRCoP) builds a network of people able to help each other in implementing an affordable but effective cybersecurity and compliance program at academic institutions.
Collect and Share Resources
Establish a leadership training and development program accelerating availability of distributed university resources.
The Department of Defense modified the DFARS clause to mandate that NIST 800-171 be followed for data classified and marked as CUI in 2017. The next evolution of this program, CMMC, has already undergone significant changes now called CMMC 2.0. Other agencies, for example, Department of Education, have indicated that they are considering following a similar path to safeguard data.
Resource: Effective Cybersecurity for Researchers