Monthly Webinars

NSF SECURE Center & NSF SECURE Analytics | Training Topic

Presented By: Dr. Lisa Nichols, SECURE Center Deputy Director and Dr. Kevin Gamache, Director SECURE Analytics

Dynamic Documentation: Wiki, Document as Code, and Scripted SSPs | Institutional Showcase

Maintaining accurate, audit-ready System Security Plans (SSPs) and compliance documentation is one of the most persistent challenges in regulated research. Static documents quickly become outdated, inconsistent, and difficult to scale. But what if your documentation could work smarter?

In this panel-style webinar, three practitioners from leading research institutions share how they have broken free from "framework rigidity" by adopting dynamic documentation strategies. From wiki-based approaches and document-as-code methodologies to scripting-driven SSP generation, each presenter brings a distinct and proven solution to a shared challenge.

Whether you are just beginning to modernize your compliance documentation or looking to refine your current approach, this session offers real-world insights and practical takeaways you can bring back to your institution.

Use Cases Shared By:

• Princeton University

• University of Michigan

• University of Wisconsin-Madison

Erik Deumens, Opening Remarks
Senior Director, Research Computing, University of Florida
Erik will open the session with a brief story on the value of dynamic documentation approaches in research computing environments.

Irene V. Kopaliani, PhD, C|CISO
Senior Architect, Security and Cloud, Research Computing, Princeton University
Topic: Wiki-Based Documentation Approach
Irene will present how Princeton leverages a wiki-based framework to create living, collaborative compliance documentation that stays current and accessible across teams.

Tommy Tunks
University of Michigan
Topic: Scripting to Build Dynamic SSPs
Tommy will demonstrate how scripting can be used to automate and dynamically generate System Security Plans, reducing manual effort and improving accuracy.

John Rineck
University of Wisconsin-Madison
Topic: Document as Code Methodology
John will explore the document-as-code approach, treating compliance documentation like software, enabling version control, automation, and repeatable, auditable outputs.

[Presentation | Recording]

For full descriptions, download meeting notes, and recordings 

Institutional Showcase | Community relationships and collaboration opportunities; Establish Community Inventory; Surface Community Needs; Help emerging centers through CoP and discover mentoring opportunities 

1. Dynamic Documentation: Wiki, Document as Code, and Scripted SSPs [Recording] May '26

2. From Learning Assessment to the Real Deal - How UCSD Approached the CMMC L2 Assessment [Recording] | Feb. '26

3. AI In Regulated Research: Practical Uses + Cybersecurity Considerations | [Recording] | Jan. '26 

4. Cracking into Culture: Infusing Cybersecurity into the Culture of our Research Enterprise at GTRI [Recording] | Nov. '25

5. Transforming Endpoints into Beginning Points [Recording] | Sept. '25

6. Lessons Learned - NC State’s Journey to CMMC Level 2 Compliance [Recording] | Q&A + Office Hours Transcript | Jun. '25

7. Research Security Offices: Structure, Organization and Operation [Recording] | Apr. '25

8. Tackling NIST 800-171 HPC Challenges: Insight and Lessons Learned  [Recording] | Feb. '25

9. Do you know your campus government relations team? [Recording] | Nov. '24

10. Assessment Experiences [Recording] | May '24

11. NC State Regulated Research Responsibility Ownership [Recording] | Mar. '24

12. Certifying HiPerGator for Protected Health Information [Recording] | Dec. '23

13. Debrief of first-ever - CMMC Learning Assessment [Recording] | Nov. '23

14. CU Boulder CMMC Gap Analysis  Lessons Learned [Recording] | Oct. '23

15. Climbing the NISTy Mountains: A travelers guide [Recording] | Aug. '23

16. Panel on GRC Tools [Recording] | Apr. '23

17. Financials & Cost Model [Recording] | Feb. '22

18. NIST 800-171 Compliance Journey [Recording] | Sep. '22

19. Impact of Cybersecurity on UCF Research Administration [Recording] and The UChicago Security Research Data Strategy and Secure Data Enclave [Recording]  | Nov. '22

20. System Security Plan Innovators [Recording] | Mar. '22

Researcher Focused Session | Strengthen relationships with impacted domain researcher; Gather feedback on their interests from the community; Develop collaboration opportunities

1. Facilitating Research: Intersections with Security at UCSD [Recording] | Sep. '23

2. Compliance & Researchers: Teamwork makes the dream work [Recording] | May '22

Training Topic | Establishing Community Inventory; Develop Community Skills; Address Gaps Missing at the Institutional Level

1. A journey of developing Security Guidance for High-Performance Computing (HPC) [Recording] | April '26

2.  Enhancing Institutional Cybersecurity Through 14 Controls [Recording] | March '26

3. Sustainable Documentation: Debrief of CPPC'25 Full Day Workshop [Recording] | July '25

4. What’s In or Out? Compliance Check-In [Recording] | May '25

5. Flipping the Script on CMMC with ARFL Digital Research | recording by request: info@regulatedresearch.org | Mar. '25

6. C3PAO Perspective on Sponsorship and Governance  [Recording] | Jan. '25

7. CISA Resources [Recording] | Oct. '24

8. Navigating Clinical Research Operations and Compliance [Recording] | Jul. '24

9. Debrief of "A Day with the CMMC Assessors" workshop [Recording] | Jun. '24

10. What you really need to know about HIPAA [Recording] | Apr. '24

11. CMMC 2.0 Rulemaking by Jacob Horne [Recording] | Feb. '24

12. The Path to CMMC Assessment [Recording] | Feb. '23

13. ChatGPT for CMMC Compliance [Recording] | Mar. '23

14. System Security Plan Workshop Deliverables [Recording] | May '23

15. NIST SP 800-171 R3 [Recording] | Jun. '23

16. Preparing and Engaging with Third-Party Assessors [Recording] | Aug. '22

17. Making FAQs & Documentation More User-Friendly [Recording] | Apr. ' 22

18. Convenience vs Security & Debrief from Certified CMMC Professional course [Recording] | Oct. '22

19. Tales from the IT Policy Office at the University of California [Recording] | Dec. '22

Strategic Partnership | Dedicated time to the partners to hear from the community

1. Ask the Assessor LIVE + RRCoP Resource Roundup [Recording] | Dec. '25

2. Bridging the Gap: Developing a Regulated Research Implementation Guide [Recording] | Aug. '25

3. Trusted CI & RRCoP: The Next Five Years  [Recording]| Dec. '24

4. EDUCAUSE Policy Review [Recording] | Sep. '24

5. Voices from Aligned Communities [Recording] | Jun. '22

6.  NIST guidance document for implementing controls on HPC systems [Recording] | Jan. '23

7. Department of the Navy Blue Cyber Education Series for Small Businesses and Academic/Research Institutions [Recording] | Jul. 23

8. Biomedical Programs & HITRUST [Recording] | Jul. '22

All Hands Meeting | Addressing updates from Academic and Industry

1. RRCoP Planning and All Hands [Recording] | Jan. '24

2. RRCoP Then & Now  [Recording] | Aug. '24

3. Overview of RRCoP and Planning [Recording] | Jan. '22

2026 

• • June 10 @ 2 pm EST / 11 am PST

  • July 8 @ 2 pm EST / 11 am PST

  • August 12 @ 2 pm EST / 11 am PST

  • September 9 @ 2 pm EST / 11 am PST

  • October 14 @ 2 pm EST / 11 am PST

  • November 12 @ 2 pm EST / 11 am PST

  • December 9 @ 2 pm EST / 11 am PST

2027

• • January 13 @ 2 pm EST / 11 am PST

  • February 10 @ 2 pm EST / 11 am PST

  • March 10 @ 2 pm EST / 11 am PST

  • April 14 @ 2 pm EST / 11 am PST

  • May 12 @ 2 pm EST / 11 am PST

  • June 9 @ 2 pm EST / 11 am PST

  • July 14 @ 2 pm EST / 11 am PST

  • August 11 @ 2 pm EST / 11 am PST

  • September 8 @ 2 pm EST / 11 am PST

  • October 13 @ 2 pm EST / 11 am PST

  • November 10 @ 2 pm EST / 11 am PST

  • December 8 @ 2 pm EST / 11 am PST

2028

• • January 12 @ 2 pm EST / 11 am PST

  • February 9 @ 2 pm EST / 11 am PST

  • March 8 @ 2 pm EST / 11 am PST

  • April 12 @ 2 pm EST / 11 am PST

  • May 10 @ 2 pm EST / 11 am PST

  • June 14 @ 2 pm EST / 11 am PST

  • July 12 @ 2 pm EST / 11 am PST

  • August 9 @ 2 pm EST / 11 am PST

  • September 13 @ 2 pm EST / 11 am PST

  • October 11 @ 2 pm EST / 11 am PST

  • November 8 @ 2 pm EST / 11 am PST

  • December @ 2 pm EST / 11 am PST

2029

• • January 10 @ 2 pm EST / 11 am PST

  • February 14 @ 2 pm EST / 11 am PST

  • March 14 @ 2 pm EST / 11 am PST

  • April 11 @ 2 pm EST / 11 am PST

  • May 9 @ 2 pm EST / 11 am PST

  • June 13 @ 2 pm EST / 11 am PST

  • July 11 @ 2 pm EST / 11 am PST

  • August 8 @ 2 pm EST / 11 am PST

  • September 12 @ 2 pm EST / 11 am PST

  • October 10 @ 2 pm EST / 11 am PST