Past Recordings and Presentations

Debrief of "A Day with the CMMC Assessors"  (most recent)

CPPC’24 – "A Day with the CMMC Assessors" debrief | Training Topic 

Presenters: Louis Daher, University of Michigan | Erik Deumens, University of Florida | Jesus Olmedo, Midland University | William Haskell, Buffalo University |  Tina Rimbeck, Buffalo University | Christian Sousa, Colorado University | Cynthia Grigorescu, University of Illinois

May 1, 2024 at the EDUCAUSE Cybersecurity Privacy Professionals Conference, a full day workshop titled "A Day with the CMMC Assessors" was held.  This was taken from the Abstract of the workshop: "In this year’s advanced skill workshop, attendees will gain a better understanding of preparation required for the eventual third-party Cybersecurity Maturity Model Certification (CMMC) assessment for research enclave(s) and labs by engaging with the Certified CMMC Assessors (CCAs). This session will feature presentations and discussions with CCAs sharing exclusive lessons learned and tips. As an EDUCAUSE event, content is tailored towards assessing research activities by recognizing both the similarities and the differences between large prime contractors and higher education institutions. By attending this workshop, attendees should expect to gain or build upon their fundamental grasp of cybersecurity compliance requirements for CMMC, enabling the organization to be prepared for CMMC assessments in higher education and be better prepared for engaging with Certified Third-Party Assessment Organizations (C3PAOs).  This can ultimately help reduce an institution’s cost to CMMC compliance."

This presentation will focus on the learning outcomes from this full day workshop. 

Day of Resources: [ Presentation | Meeting Recording | Comment window for the Full Report through June 30th

CMMC 2.0 Rulemaking (top content)

Training Topic | February 2024

Presented By:  Jacob Horne, Chief Cybersecurity Evangelist

CMMC 2.0 rulemaking has an open comment window for through February 26th, 2024. Jacob covers a few items that will be important to take note of and voice your comments. [Presentation | Q&A | Recording

Resulting in the open letter EDUCAUSE / ACE / AAU / APLU / COGR /  Cybersecurity Maturity Model Certification (CMMC) Program submitted February 26, 2024

Debrief of first ever - CMMC Learning Assessment (top content)

Training Topic  Presented By: 

November 2023 | Established Institutional Showcase

UC San Diego will present on their Learning Assessment handled with the lead assessor also being Cyber-AB's curriculum manager. The primary goal here was to address how Research Institutions are different from the standard assessment. [Q&A | Presentation | Meeting Recording ]

U Colorado, Boulder - CMMC Gap Analysis Lessons Learned (top content)

Presented By: Barbara Schnell & Silas Korb, University of Colorado, Boulder

October 2023 | Established Institutional Showcase

Institutional Showcase

University of Colorado, Boulder, will share the lessons learned from their recent C3PAO gap assessment of their enclave.

[Q&A | Presentation | Meeting Recording]

NIST Guidance Document for Implementing controls on HPC (top content)

Presented by: Erik Deumens, University of Florida

Wednesday, January 11th, 2023 | Established Institutional Showcase 

[Presentation and Q&A | Meeting Recording]

Automate Your CMMC Efforts with ChatGPT (top content)

Presented by: Derrich Phillips, AspireCyber

Wednesday, March 8th, 2023 | Training Topic 

ChatGPT is a powerful natural language processing tool that can help defense contractors automate their CMMC efforts. With ChatGPT, you can easily create custom chatbots to assist with tasks such as:  1. Auditing and assessment 2. Reporting and documentation 3. Real-time guidance and feedback 4. Reminders for certification renewals and updates 

[Presentation & Full ChatGPT Conversation  | Meeting Recording]

Financials & Cost Model 

Presented By: 

February 9, 2022 | Established Institutional Showcase | Financials & Cost Model history of Purdue University and University of Florida. Presentations include: Preston Smith of Purdue University and the 7 years of cost models with the lessons learned. Erik Deumens discusses University of Florida's journey to their current cost model. [Presentation + Q&A | Meeting Recording]

System Security Plan Workshop

Advanced System Security Workshop - Summary

Presented By: Carolyn Ellis

Wednesday, May 10, 2023 | Institutional Showcase

On May 1st 2023, RRCoP hosted it's first full day workshop at EDUCAUSE Cybersecurity Privacy Professionals Conference to develop a portion of an SSP together. This included 60 individuals, representing 45 different institutions. We came together to learn where others landed on their implementations to 42 of the most challenging controls. During this talk, we will review the outputs of this first of its kind workshop, and then discuss how we will move forward with what was developed. [Presentation | Meeting Recording]

NC State Regulated Responsibility Ownership

Established Institutional Showcase 

Presented By:  Mary Millsaps & Mardecia Bell, North Carolina State University

March 2024| Established Institutional Showcase

Proper governance can create a smooth path for awareness and buy-in of your regulated research program. Join North Carolina State University as they share how they’ve set up their governance. You’ll learn what roles are participating and how decisions are made. [Presentation | Q&A | Meeting Recording]

Debrief from Certified CMMC Professional course 

Presented by: Laura Raderman, Carnegie Mellon University

October 12, 2022 | Training Topic 

“Certified CMMC Professional training key points” Laura Raderman shares her key take-aways and lessons learned after attending "Certified CMMC Professional" course. Are your scoping choices the same as the assessors? Is everything perfectly black and white [Presentation + Q&A | Meeting Recording]

Assessment Experiences 

[Q&A | Presentation | Meeting Recording]

What you really need to know about HIPAA

Training Topic | April 2024

Presented By:  Deb McCaffrey, Arizona State University & Jim Keynon, University of Michigan

[Q&A | Presentation | Recording]

Climbing the NISTy Mountains: A travelers guide

Presented By: Anurag Shankar, Indiana University

Wednesday, August 9, 2023  Training Topic 

Anurag Shankar from Indiana University shared his experiences establishing the NIST RMF at IU and provide useful tips like what to do when writing SSPs and what not to do during assessments.  [ Presentation + Q&A | Meeting Recording]

Department of the Navy Blue Cyber Education Series for Small Businesses and Academic/Research Institutions

Presented By: Kelley Kiernan, Department of the Navy

Wednesday, July 12, 2023  Training Topic 

Department of the Navy Blue Cyber Education Series for Small Business and Academic / Research Institutions, Kelley Kiernan. Kelley will introduce the resources available to us all. Blue Cyber is an early-partnership with Defense Industrial Base contractors and potential contractors to arm them with the latest in cybersecurity best practices. [Presentation |Meeting Recording]

System Security Plan Innovators

Presented By: 

March 9, 2022 | Training Topic | System Security Plan Innovators Check out what Georgia Tech and Case Western Reserve University are doing to streamline their SSPs. Eric Gill of Georgia Tech shares how they process and track multiple SSPs in a highly distributed environment. Cal Frye of Case Western Reserve shares and request community feedback on their proposed plan to make their SSP a sustainable, living document. [Presentation + Q&A | Meeting Recording]

NIST SP 800-171 R3

Training Topics| NIST SP 800-171 R3

Presented By: Derrich Phillips, Aspire Cyber & Laura Raderman, Carnegie Mellon University

Wednesday June 14th, 2023 

On May 8th 2023, NIST 800-171 R3 was released for public comments. RRCoP gathered to discuss highlights and impact. Additionally, NIST spoke to us to collect responses to the: Cybersecurity for R&D Request for Comment

[Presentation | Meeting Recording]

Making FAQs & Documentation More User Friendly

Presented By: Anurag Shankar, Indiana University

April 13, 2022 | Established Institutional Showcase | Making FAQs & Documentation More User Friendly Communicating security and compliance to campus researchers is a challenge for institutional cybersecurity. Anurag Shankar from Indiana University talks about how IU is meeting this challenge through its SecureMyResearch service which uses a new approach to weaving security and compliance into research workflows through online documentation and consulting. [Presentation + Q&A | Meeting Recording]

Facilitating Research: Intersections with Security at UCSD

Presented By: Cyd Burrows-Schilling, UC, San Diego

Wednesday, September 13, 2023  Researcher Focused

Cyd Burrows-Schilling of UC San Diego will share a few tricks to facilitating research, handling intake interviews, and the campus Cybersecurity Certification for Research program assessments.  [ Presentation + Q&A | Meeting Recording]

Compliance & Researchers: Teamwork makes the dream work

Presented By: 

May 11, 2022| Researcher Focused Session |Compliance & Researchers: Teamwork makes the dream work |Karen Bell shares how departments at University of Memphis work together to support research compliance and encourage researchers to meet federal requirements. Jodi Ito shares how researcher focused workshops have resulted in stronger relationships through the entire workflow at University of Hawaii. [Presentation + Q&A | Meeting Recording]

Voices from Aligned Communities

Presented By:

June 8, 2022 All Hands Meeting | Updates and contributions from aligned communities Brief updates of the activities happening beyond RRCoP that have impact on this community. 

[Presentation + Q&A | Meeting Recording]

HITRUST Certification of U of FL's HiPerGator for PHI

Institutional Showcase Presented By: 

December 2023 | Established Institutional Showcase

University of Florida, with auditor Frazier & Deeter, and the HITRUST Alliance will present the story of certifying HiPerGator for Protected Health Information (PHI).

[Presentation + Q&A | Meeting Recording ]

The Path to CMMC Assessment

Presented by: Amy Starzynski Coddens, REN-ISAC

Wednesday, February 8th, 2023 | Training Topic 

What does the path to CMMC assessments looks like including: CCP & CCA objectives, what a training would look like and then briefly touch on how an actual assessment would happen. 

[ Presentation + Q&A | Meeting Recording]

Indiana University's HIPAA Journey & Introduction to HITRUST

Presented By: 

July 13, 2022| Training Topic 

HIPAA and Protected Health Information (PHI) have been a presence within healthcare and medical schools since 2005. In the years since, they have been a leaking steadily into central IT and HPC centers as biomedical research computing needs have grown. This month Anurag Shankar from Indiana University talks about how IU implemented HIPAA for its central research cyberinfrastructure in 2007 and how its approach has evolved since then.

HITRUST presents the various resources, tools and solutions available for organizations to leverage in managing risk and compliance in the most efficient and effective way possible.  They walk through how their programs allow organizations to “assess once, report many” as it relates to executed one validated assessment to provide assurances over compliance with multiple authoritative sources including HIPAA, NIST, CMMC, ISO, etc.

 [Presentation + Q&A | Meeting Recording]

Preparing and Engaging in Third-Party Assessors

Presented By: 

August 10, 2022 |Training Topic

Erik Deumens, University of Florida, describes the general flow of the external assessment process by a company or by an Office of Internal Audit. UF has some experience because it has gone through a few of them and is going through one right now. This will be useful for many institutions as more compliance requirements will include assessment by a third party.

Damon Armour, North Carolina State University, presented on recent third party assessments by consulting firms on establishing a more formal IT risk management approach, meeting NIST 800-171 requirements for both DFARS and GLBA compliant environments and maintaining HIPAA Security Rule compliance for a non-academic medical institution. Each assessment resulted in commonalities that were foundational to have an effective compliance, cybersecurity and risk management programs. 

[Presentation + Q&A | Meeting Recording]

Compliance Journey

Presented By: 

September 14, 2022 |Established Institutional Showcase & Discussion 

Compliance Journey

[Presentation + Q&A | Meeting Recording]

Convenience vs Security 

Presented by:  Irene Kopaliani and Curt Hillegas, Princeton University

October 12, 2022 | Institutional Showcase

[Presentation + Q&A | Meeting Recording]

Impact of Cybersecurity Compliance on UCF Research Administration

Presented By: Tammie McClellan, University of Central Florida

Wednesday, November 9th, 2022 | Institutional Showcase

[Presentation and Q&A | Meeting Recording]

Panel on GRC Tools

Presented by: 

Wednesday, April 12th, 2023 | Training Topic 

GRC (Governance, Risk, and Compliance) tools help organizations manage and monitor their performance against various regulatory, industry-specific, and internal policies and standards. It helps streamline and automate processes related to risk management, compliance, and governance, allowing organizations to effectively identify, assess, and mitigate potential risks and compliance issues.

This panel discussion features 4 institutions running various GRC tools to share their experiences and insights. Learn how these tools have transformed their businesses and discover the potential benefits for your own organization.

[Presentation & Q&A  | Meeting Recording]

Tales from the IT Policy Office at the University of California

Presented by: Robert Smith, University of California

Wednesday, December 14th, 2022 | Established Institutional Showcase 

In this talk Robert Smith, University of California, covered:

[Presentation and Q&A | Meeting Recording]

The UChicago Research Data Strategy and Secure Data Enclave

Presented by: H. Birali Runesha and Steven Aldape, University of Chicago

Wednesday, November 9th, 2022 | Institutional Showcase

The UChicago Security Research Data Strategy (SRDS) and Secure Data Enclave (SDE): The journey and lesson learned.

[Presentation and Q&A | Meeting Recording]

Overview of RRCoP and planning

Presented By: 

January 12, 2022 | All Hands Meeting | Overview of RRCoP and planning discussions of topics for RRCoP to contribute towards the needs of the community  [Presentation | Meeting Recording]

RRCoP Planning and All Hands 

Presented By: 

January, 2024 |All Hands Meeting

We will review the many of valuable assets and resources within RRCoP. When considering planning for upcoming webinars we will also spend some time on discussing upcoming and current needs from the community of practice. 

[Presentation | Meeting Recording]