Training Topic | March 2025

Presented By: Dan Berrigan, Lead, AFRL Worldwide Research Collaboration | Digital Capabilities Directorate | Air Force Research Laboratory

The Air Force Research Laboratory (AFRL) consistently struggles with collaborating in an increasingly diverse scientific landscape. Security and compliance drive restrictions that result in us mailing hard drives of data across the world. In response, AFRL has developed a digital ecosystem built to foster collaboration, innovation, and research amongst its government, academic, and industry partners. This presentation will provide an overview of AFRL’s digital ecosystem, which includes Google Workspace for productivity tools, the AFRL Digital Laboratory Environment for commercial engineering tools, and Google Cloud Platform (GCP) as a research and development cloud. This talk will also discuss how AFRL’s digital ecosystem helps its collaborators meet compliance requirements while providing access to the latest commercial cloud technologies and services.

[Intro Presentation | Available by Request: info@regulatedresearch.org ]

Training Topic | January 2025

• Facilitated by:  Barb Schnell, University of Colorado, Boulder, Associate Director Secure Research Computing

Panel:

• Thomas Graham, Ph.D., VP and CISO at Redspin, a division of Clearwater, CCA, CCI

• Fernando Machado, CISO Cybersec Investments, CCA, CCP

• Mike Snyder, Director of Training and Credentialing, The Cyber AB, CISM, CCA, CPI

• Mathew Titcombe, CEO and founder at Peak InfoSec, CCA

Effective sponsorship and governance for compliance-related policies, Organizational Defined Parameters (ODPs) and organizational roles and responsibilities can be challenging in a highly distributed and consensus-oriented culture such as that found in higher education institutions. Yet it is a requirement for a solid research cybersecurity program and an enabling factor for certifications. 

This panel discussion engages this topic from the perspective of CMMC 3rd Party Assessment Organizations (C3PAO’s) in terms of what an auditor may consider in their assessment and the impact of an organization’s governance and related processes on achieving certification.

[Presentation Materials | Recording]

Training Topic |October 2024

Presented by: Robert Main, Cybersecurity State Coordinator (NC) 

US Department of Homeland Security | Cybersecurity & Infrastructure Security Agency (CISA)

CISA is the national coordinator for critical infrastructure security and resilience, working with partners across government and industry to protect and defend the nation’s critical infrastructure.  This session will cover how we accomplish that mission through the no-cost capabilities we offer our stakeholders.

[Presentation (available upon request: info@regulatedresearch.org) | Recording]

Training Topic | July 2024

Presented by:  Polina Eshkol of UCLA Health

• Advance therapeutics, medical devices/diagnostics and digital-health technologies by bridging the gap between academic research and industry/venture capital interests.

• Become a Research Center of Excellence by investing in infrastructure, education, and improving internal workflows and processes.

• Create an efficient study start-up and study management model, thereby optimizing research study recruitment.

• Ensure optimal protection of intellectual property, research data, and patient confidentiality.

 [Presentation | Meeting Recording]

Presenters: Louis Daher, University of Michigan | Erik Deumens, University of Florida | Jesus Olmedo, Midland University | William Haskell, Buffalo University |  Tina Rimbeck, Buffalo University | Christian Sousa, Colorado University | Cynthia Grigorescu, University of Illinois

June 2024 |Training Topic 

May 1, 2024 at the EDUCAUSE Cybersecurity Privacy Professionals Conference, a full day workshop titled "A Day with the CMMC Assessors" was held.  This was taken from the Abstract of the workshop: "In this year’s advanced skill workshop, attendees will gain a better understanding of preparation required for the eventual third-party Cybersecurity Maturity Model Certification (CMMC) assessment for research enclave(s) and labs by engaging with the Certified CMMC Assessors (CCAs). This session will feature presentations and discussions with CCAs sharing exclusive lessons learned and tips. As an EDUCAUSE event, content is tailored towards assessing research activities by recognizing both the similarities and the differences between large prime contractors and higher education institutions. By attending this workshop, attendees should expect to gain or build upon their fundamental grasp of cybersecurity compliance requirements for CMMC, enabling the organization to be prepared for CMMC assessments in higher education and be better prepared for engaging with Certified Third-Party Assessment Organizations (C3PAOs).  This can ultimately help reduce an institution’s cost to CMMC compliance."

This presentation will focus on the learning outcomes from this full day workshop. 

Day of Resources: [ Presentation | Meeting Recording | Full Report] 

Training Topic | April 2024

Presented By:  Deb McCaffrey, Arizona State University & Jim Keynon, University of Michigan

1. HIPAA requirements need to be reverse engineered. 

2. PHI is defined transactionally. 

3. It’s written for clinical use cases not research. 

[Q&A | Presentation | Recording]

Presented By: Kelley Kiernan, Department of the Navy

July 12, 2023  Training Topic 

Department of the Navy Blue Cyber Education Series for Small Business and Academic / Research Institutions, Kelley Kiernan. Kelley will introduce the resources available to us all. Blue Cyber is an early-partnership with Defense Industrial Base contractors and potential contractors to arm them with the latest in cybersecurity best practices. [Presentation |Meeting Recording]

Advanced System Security Workshop - Summary

Presented By: Carolyn Ellis

May 10, 2023 | Institutional Showcase

On May 1st 2023, RRCoP hosted it's first full day workshop at EDUCAUSE Cybersecurity Privacy Professionals Conference to develop a portion of an SSP together. This included 60 individuals, representing 45 different institutions. We came together to learn where others landed on their implementations to 42 of the most challenging controls. During this talk, we will review the outputs of this first of its kind workshop, and then discuss how we will move forward with what was developed. [Presentation | Meeting Recording]

Presented by: 

• Thomas Brown, University of Florida

• Raina Collins, University of Alaska 

• Alex Magid, Clark University 

• Brian Martinez, Michigan State University

April 12th, 2023 | Training Topic 

GRC (Governance, Risk, and Compliance) tools help organizations manage and monitor their performance against various regulatory, industry-specific, and internal policies and standards. It helps streamline and automate processes related to risk management, compliance, and governance, allowing organizations to effectively identify, assess, and mitigate potential risks and compliance issues.

This panel discussion features 4 institutions running various GRC tools to share their experiences and insights. Learn how these tools have transformed their businesses and discover the potential benefits for your own organization.

[Presentation & Q&A  | Meeting Recording]

Presented by: Derrich Phillips, AspireCyber

March 8th, 2023 | Training Topic 

ChatGPT is a powerful natural language processing tool that can help defense contractors automate their CMMC efforts. With ChatGPT, you can easily create custom chatbots to assist with tasks such as:  1. Auditing and assessment 2. Reporting and documentation 3. Real-time guidance and feedback 4. Reminders for certification renewals and updates 

[Presentation & Full ChatGPT Conversation  | Meeting Recording]

Presented by: Amy Starzynski Coddens, REN-ISAC

February 8th, 2023 | Training Topic 

What does the path to CMMC assessments looks like including: CCP & CCA objectives, what a training would look like and then briefly touch on how an actual assessment would happen. 

[ Presentation + Q&A | Meeting Recording]

Presented by: Laura Raderman, Carnegie Mellon University

October 12, 2022 | Training Topic 

“Certified CMMC Professional training key points” Laura Raderman shares her key take-aways and lessons learned after attending "Certified CMMC Professional" course. Are your scoping choices the same as the assessors? Is everything perfectly black and white [Presentation + Q&A | Meeting Recording]

Presented By: 

• Erik Deumens, University of Florida

• Damon Armour, North Carolina State University

August 10, 2022 |Training Topic

Erik Deumens, University of Florida, describes the general flow of the external assessment process by a company or by an Office of Internal Audit. UF has some experience because it has gone through a few of them and is going through one right now. This will be useful for many institutions as more compliance requirements will include assessment by a third party.

Damon Armour, North Carolina State University, presented on recent third party assessments by consulting firms on establishing a more formal IT risk management approach, meeting NIST 800-171 requirements for both DFARS and GLBA compliant environments and maintaining HIPAA Security Rule compliance for a non-academic medical institution. Each assessment resulted in commonalities that were foundational to have an effective compliance, cybersecurity and risk management programs. 

[Presentation + Q&A | Meeting Recording]