Past Recordings and Presentations
Facilitating Research: Intersections with Security at UCSD (most recent)
Presented By: Cyd Burrows-Schilling, UC, San Diego
Wednesday, September 13, 2023 | Researcher Focused
Cyd Burrows-Schilling of UC San Diego will share a few tricks for facilitating research, handling intake interviews, and the campus Cybersecurity Certification for Research program assessments. [Presentation + Q&A | Meeting Recording]
NIST Guidance Document for Implementing controls on HPC (top content)
Presented by: Erik Deumens, University of Florida
Wednesday, January 11th, 2023 | Established Institutional Showcase
1) A debrief from the December Stakeholder Advisory Board presented by Carolyn Ellis, University of California, San Diego
2) NIST Guidance for Implementing controls on HPC: Erik Deumens will provide a short status report on CMMC and a preview of work done by NIST on a guidance document for implementing controls on HPC systems.
Automate Your CMMC Efforts with ChatGPT (top content)
Presented by: Derrich Phillips, AspireCyber
Wednesday, March 8th, 2023 | Training Topic
ChatGPT is a powerful natural language processing tool that can help defense contractors automate their CMMC efforts. With ChatGPT, you can easily create custom chatbots to assist with tasks such as:
1. Auditing and assessment
2. Reporting and documentation
3. Real-time guidance and feedback
4. Reminders for certification renewals and updates
[Presentation & Full ChatGPT Conversation | Meeting Recording]
Financials & Cost Model (top content)
Presented By:
Erik Deumens, University of Florida
Preston Smith, Purdue University
February 9, 2022 | Established Institutional Showcase | Financials & Cost Model history of Purdue University and University of Florida. Presentations include: Preston Smith of Purdue University on the 7 years of cost models, with the lessons learned. Erik Deumens discusses University of Florida's journey to their current cost model. [Presentation + Q&A | Meeting Recording]
Debrief from Certified CMMC Professional course (top content)
Presented by: Laura Raderman, Carnegie Mellon University
October 12, 2022 | Training Topic
“Certified CMMC Professional training key points” Laura Raderman shares her key takeaways and lessons learned after attending the "Certified CMMC Professional" course. Are your scoping choices the same as the assessors'? Is everything perfectly black and white?
System Security Plan Workshop (top content)
Advanced System Security Workshop - Summary
Presented By: Carolyn Ellis
Wednesday, May 10, 2023 | Institutional Showcase
On May 1st 2023, RRCoP hosted its first full-day workshop at the EDUCAUSE Cybersecurity Privacy Professionals Conference to develop a portion of an SSP together. This included 60 individuals, representing 45 different institutions. We came together to learn where others landed on their implementations of 42 of the most challenging controls. During this talk, we will review the outputs of this first-of-its-kind workshop, and then discuss how we will move forward with what was developed.
Climbing the NISTy Mountains: A travelers guide
Presented By: Anurag Shankar, Indiana University
Wednesday, August 9, 2023 | Training Topic
Anurag Shankar from Indiana University shared his experiences establishing the NIST RMF at IU and provided useful tips like what to do when writing SSPs and what not to do during assessments. [Presentation + Q&A | Meeting Recording]
Department of the Navy Blue Cyber Education Series for Small Businesses and Academic/Research Institutions
Presented By: Kelley Kiernan, Department of the Navy
Wednesday, July 12, 2023 | Training Topic
Department of the Navy Blue Cyber Education Series for Small Business and Academic / Research Institutions, Kelley Kiernan. Kelley will introduce the resources available to us all. Blue Cyber is an early partnership with Defense Industrial Base contractors and potential contractors to arm them with the latest in cybersecurity best practices.
System Security Plan Innovators
Presented By:
Eric Gill, Georgia Tech
Cal Frye, Case Western Reserve University
March 9, 2022 | Training Topic | System Security Plan Innovators | Check out what Georgia Tech and Case Western Reserve University are doing to streamline their SSPs. Eric Gill of Georgia Tech shares how they process and track multiple SSPs in a highly distributed environment. Cal Frye of Case Western Reserve shares, and requests community feedback on, their proposed plan to make their SSP a sustainable, living document. [Presentation + Q&A | Meeting Recording]
NIST SP 800-171 R3
Training Topics | NIST SP 800-171 R3
Presented By: Derrich Phillips, Aspire Cyber & Laura Raderman, Carnegie Mellon University
Wednesday, June 14th, 2023
On May 8th 2023, NIST 800-171 R3 was released for public comments. RRCoP gathered to discuss highlights and impact. Additionally, NIST spoke to us to collect responses to the Cybersecurity for R&D Request for Comment.
Making FAQs & Documentation More User Friendly
Presented By: Anurag Shankar, Indiana University
April 13, 2022 | Established Institutional Showcase | Making FAQs & Documentation More User Friendly | Communicating security and compliance to campus researchers is a challenge for institutional cybersecurity. Anurag Shankar from Indiana University talks about how IU is meeting this challenge through its SecureMyResearch service, which uses a new approach to weaving security and compliance into research workflows through online documentation and consulting. [Presentation + Q&A | Meeting Recording]
Compliance & Researchers: Teamwork makes the dream work
Presented By:
Karen Bell, University of Memphis
Jodi Ito, University of Hawaii
May 11, 2022 | Researcher Focused Session | Compliance & Researchers: Teamwork makes the dream work | Karen Bell shares how departments at University of Memphis work together to support research compliance and encourage researchers to meet federal requirements. Jodi Ito shares how researcher-focused workshops have resulted in stronger relationships through the entire workflow at University of Hawaii. [Presentation + Q&A | Meeting Recording]
Voices from Aligned Communities
Presented By:
Carolyn Ellis
Michael Corn
Sarah Schlagter
Jay Gallman
Erik Deumens
June 8, 2022 | All Hands Meeting | Updates and contributions from aligned communities | Brief updates of the activities happening beyond RRCoP that have impact on this community.
Assorted Updates: RRCoP Website / July Agenda / COGR / FDP
CMMC-Academic Advisory Council (CMMC-AAC)
Association of Export Control Officers (AUECO)
EDUCAUSE 800-171 Compliance Community Group
Coalition for Academic Scientific Computation (CASC)
The Path to CMMC Assessment
Presented by: Amy Starzynski Coddens, REN-ISAC
Wednesday, February 8th, 2023 | Training Topic
What the path to CMMC assessments looks like, including: CCP & CCA objectives, what a training would look like, and then a brief look at how an actual assessment would happen.
Indiana University's HIPAA Journey & Introduction to HITRUST
Presented By:
Anurag Shankar, Indiana University
Michael Parisi, HITRUST
July 13, 2022 | Training Topic
HIPAA and Protected Health Information (PHI) have been a presence within healthcare and medical schools since 2005. In the years since, they have been leaking steadily into central IT and HPC centers as biomedical research computing needs have grown. This month Anurag Shankar from Indiana University talks about how IU implemented HIPAA for its central research cyberinfrastructure in 2007 and how its approach has evolved since then.
HITRUST presents the various resources, tools and solutions available for organizations to leverage in managing risk and compliance in the most efficient and effective way possible. They walk through how their programs allow organizations to “assess once, report many”, that is, to execute one validated assessment to provide assurances over compliance with multiple authoritative sources including HIPAA, NIST, CMMC, ISO, etc.
Preparing and Engaging in Third-Party Assessors
Presented By:
Erik Deumens, University of Florida
Damon Armour, North Carolina State University
August 10, 2022 | Training Topic
Erik Deumens, University of Florida, describes the general flow of the external assessment process by a company or by an Office of Internal Audit. UF has some experience because it has gone through a few of them and is going through one right now. This will be useful for many institutions as more compliance requirements will include assessment by a third party.
Damon Armour, North Carolina State University, presented on recent third-party assessments by consulting firms on establishing a more formal IT risk management approach, meeting NIST 800-171 requirements for both DFARS and GLBA compliant environments, and maintaining HIPAA Security Rule compliance for a non-academic medical institution. Each assessment resulted in commonalities that were foundational to having effective compliance, cybersecurity and risk management programs.
Compliance Journey
Presented By:
Laura Raderman, Carnegie Mellon University
September 14, 2022 | Established Institutional Showcase & Discussion
Laura Raderman shared Carnegie Mellon University's journey to NIST 800-171 compliance including challenges, developing templates, setting up several enclaves, and the external audits they've participated in.
Community Check-in discussion. What should we focus on as a community? Opportunities for engagement. Note: portion was not recorded, but notes do exist following the slide deck.
Convenience vs Security
Presented by: Irene Kopaliani and Curt Hillegas, Princeton University
October 12, 2022 | Institutional Showcase
“Convenience vs Security” Irene Kopaliani and Curt Hillegas discuss how Princeton University strikes a balance between convenience and security.
Impact of Cybersecurity Compliance on UCF Research Administration
Presented By: Tammie McClellan, University of Central Florida
Wednesday, November 9th, 2022 | Institutional Showcase
Panel on GRC Tools
Presented by:
Thomas Brown, University of Florida
Raina Collins, University of Alaska
Alex Magid, Clark University
Brian Martinez, Michigan State University
Wednesday, April 12th, 2023 | Training Topic
GRC (Governance, Risk, and Compliance) tools help organizations manage and monitor their performance against various regulatory, industry-specific, and internal policies and standards. It helps streamline and automate processes related to risk management, compliance, and governance, allowing organizations to effectively identify, assess, and mitigate potential risks and compliance issues.
This panel discussion features 4 institutions running various GRC tools to share their experiences and insights. Learn how these tools have transformed their businesses and discover the potential benefits for your own organization.
Tales from the IT Policy Office at the University of California
Presented by: Robert Smith, University of California
Wednesday, December 14th, 2022 | Established Institutional Showcase
In this talk Robert Smith, University of California, covered:
How policy is developed and approved at the University of California
This will include key roles and a process overview
How we engage the community and one really big success
Policy tension at UC today and probably at your institution too
IT Policy and others, no silos here
The UChicago Research Data Strategy and Secure Data Enclave
Presented by: H. Birali Runesha and Steven Aldape, University of Chicago
Wednesday, November 9th, 2022 | Institutional Showcase
The UChicago Security Research Data Strategy (SRDS) and Secure Data Enclave (SDE): The journey and lessons learned.
Overview of RRCoP and planning
Presented By:
Carolyn Ellis, University of California, San Diego
Erik Deumens, University of Florida
January 12, 2022 | All Hands Meeting | Overview of RRCoP and planning | Discussions of topics for RRCoP to contribute towards the needs of the community [Presentation | Meeting Recording]