Past Recordings and Presentations
Overview of RRCoP and planning
Presented By:
Carolyn Ellis, University of California, San Diego
Erik Deumens, University of Florida
January 12, 2022 | All Hands Meeting | Overview of RRCoP and planning discussions of topics for RRCoP to contribute towards the needs of the community [Presentation | Meeting Recording]
Financials & Cost Model
Presented By:
Erik Deumens, University of Florida
Preston Smith, Purdue University
February 9, 2022 | Established Institutional Showcase | Financials & Cost Model history of Purdue University and University of Florida. Presentations include: Preston Smith of Purdue University and the 7 years of cost models with the lessons learned. Erik Deumens discusses University of Florida's journey to their current cost model. [Presentation + Q&A | Meeting Recording]
System Security Plan Innovators
Presented By:
Eric Gill, Georgia Tech
Cal Frye, Case Western Reserve University
March 9, 2022 | Training Topic | System Security Plan Innovators Check out what Georgia Tech and Case Western Reserve University are doing to streamline their SSPs. Eric Gill of Georgia Tech shares how they process and track multiple SSPs in a highly distributed environment. Cal Frye of Case Western Reserve shares and request community feedback on their proposed plan to make their SSP a sustainable, living document. [Presentation + Q&A | Meeting Recording]
Making FAQs & Documentation More User Friendly
Presented By: Anurag Shankar, Indiana University
April 13, 2022 | Established Institutional Showcase | Making FAQs & Documentation More User Friendly Communicating security and compliance to campus researchers is a challenge for institutional cybersecurity. Anurag Shankar from Indiana University talks about how IU is meeting this challenge through its SecureMyResearch service which uses a new approach to weaving security and compliance into research workflows through online documentation and consulting. [Presentation + Q&A | Meeting Recording]
Compliance & Researchers: Teamwork makes the dream work
Presented By:
Karen Bell, University of Memphis
Jodi Ito, University of Hawaii
May 11, 2022| Researcher Focused Session |Compliance & Researchers: Teamwork makes the dream work |Karen Bell shares how departments at University of Memphis work together to support research compliance and encourage researchers to meet federal requirements. Jodi Ito shares how researcher focused workshops have resulted in stronger relationships through the entire workflow at University of Hawaii. [Presentation + Q&A | Meeting Recording]
Voices from Aligned Communities
Presented By:
Carolyn Ellis
Michael Corn
Sarah Schlagter
Jay Gallman
Erik Deumens
June 8, 2022 | All Hands Meeting | Updates and contributions from aligned communities Brief updates of the activities happening beyond RRCoP that have impact on this community.
Assorted Updates: RRCoP Website / July Agenda / COGR / FDP
CMMC-Academic Advisory Council (CMMC-AAC)
Association of Export Control Officers (AUECO)
EDUCAUSE 800-171 Compliance Community Group
Coalition for Academic Scientific Computation (CASC)
Indiana University's HIPAA Journey & Introduction to HITRUST
Presented By:
Anurag Shankar, Indiana University
Michael Parisi, HITRUST
July 13, 2022| Training Topic
HIPAA and Protected Health Information (PHI) have been a presence within healthcare and medical schools since 2005. In the years since, they have been a leaking steadily into central IT and HPC centers as biomedical research computing needs have grown. This month Anurag Shankar from Indiana University talks about how IU implemented HIPAA for its central research cyberinfrastructure in 2007 and how its approach has evolved since then.
HITRUST presents the various resources, tools and solutions available for organizations to leverage in managing risk and compliance in the most efficient and effective way possible. They walk through how their programs allow organizations to “assess once, report many” as it relates to executed one validated assessment to provide assurances over compliance with multiple authoritative sources including HIPAA, NIST, CMMC, ISO, etc.
Preparing and Engaging in Third-Party Assessors
Presented By:
Erik Deumens, University of Florida
Damon Armour, North Carolina State University
August 10, 2022 |Training Topic
Erik Deumens, University of Florida, describes the general flow of the external assessment process by a company or by an Office of Internal Audit. UF has some experience because it has gone through a few of them and is going through one right now. This will be useful for many institutions as more compliance requirements will include assessment by a third party.
Damon Armour, North Carolina State University, presented on recent third party assessments by consulting firms on establishing a more formal IT risk management approach, meeting NIST 800-171 requirements for both DFARS and GLBA compliant environments and maintaining HIPAA Security Rule compliance for a non-academic medical institution. Each assessment resulted in commonalities that were foundational to have an effective compliance, cybersecurity and risk management programs.
Compliance Journey
Presented By:
Laura Raderman, Carnegie Mellon University
September 14, 2022 |Established Institutional Showcase & Discussion
Compliance Journey
Laura Raderman shared Carnegie Mellon University's journey to NIST 800-171 compliance including challenges, developing templates, setting up several enclaves, and the external audits they've participated in.
Community Check-in discussion. What should we focus on as a community? Opportunities for engagement. Note: portion was not recorded, but notes do exist following the slide deck.
Convenience vs Security
Presented by: Irene Kopaliani and Curt Hillegas, Princeton University
October 12, 2022 | Institutional Showcase
“Convenience vs Security” Irene Kopaliani and Curt Hillegas discusses how Princeton University strikes a balance between convenience and security.
Debrief from Certified CMMC Professional course
Presented by: Laura Raderman, Carnegie Mellon University
October 12, 2022 | Training Topic
“Certified CMMC Professional training key points” Laura Raderman shares her key take-aways and lessons learned after attending "Certified CMMC Professional" course. Are your scoping choices the same as the assessors? Is everything perfectly black and white?
Impact of Cybersecurity Compliance on UCF Research Administration
Presented By: Tammie McClellan, University of Central Florida
Wednesday, November 9th, 2022 | Institutional Showcase
The UChicago Research Data Strategy and Secure Data Enclave
Presented by: H. Birali Runesha and Steven Aldape, University of Chicago
Wednesday, November 9th, 2022 | Institutional Showcase
The UChicago Security Research Data Strategy (SRDS) and Secure Data Enclave (SDE): The journey and lesson learned.
Tales from the IT Policy Office at the University of California
Presented by: Robert Smith, University of California
Wednesday, December 14th, 2022 | Established Institutional Showcase
In this talk Robert Smith, University of California, will cover:
How policy is developed and approved at the University of California
This will include key roles and a process overview
How we engage the community and one really big success
Policy tension at UC today and probably at your institution too
IT Policy and others, no silos here
NIST Guidance Document for Implementing controls on HPC
Presented by: Erik Deumens, University of Florida
Wednesday, January 11th, 2023
1) A debrief from the December Stakeholder Advisory Board presented by Carolyn Ellis, University of California, San Diego
2) NIST Guidance for Implementing controls on HPC Erik Deumens will provide a short status report on CMMC and a preview on work done by NIST on a guidance document for implementing controls on HPC systems.