Training and Education

Content pulled from Kathy Riley of Clemson University from the June 2nd, 2021 final workshop.

Training Objectives (who and what)

• Everyone: General CUI awareness along with specific responsibilities.

• Research Team: System security and technology control requirements, incident response, how to use secure systems

• Contract Officers: How to identify contract clauses for CUI

• Grant Administrators: Overview of security requirements

• IT Support: NIST 800-171 compliance requirements, incident reporting

• Export Control & Research Security: NIST 800-171 overview, incident reporting

• Internal Audit: DFARS and NIST 800-171 requirements

Gathering Information

• Partner with internal and external stakeholders.

• Refresh training material as policies, procedures, security controls, and responsibilities evolve.

• Evaluate effectiveness of training by conducting surveys or follow-up discussions.

• Determine how to develop basic guidelines for CUI markings and other requirements that apply to specific roles.

• Provide technical training to assist with audits/assessments, and with security control discussions using non-technical language.

• Provide tools to assist with assessments

Training Resources

• EDUCAUSE Library of information

• National Archives and Records Administration (NARA) – CUI Registry

• Center for Development of Security Excellence (CDSE) – DoD CUI Program

• Cybersecurity Collaboration Center Webinars

• DoD Cyber Awareness Challenge with Insider Threat information

• DoD CUI Training

Delivery Opportunities

• Leverage IRB training, new faculty orientation, sponsored program newsletters, information security awareness programs, department meetings, and campus publications.

• Conduct In-person training, which can enhance the effectiveness beyond on-line training materials.

• Include CUI with Information Security Awareness and other compliance training.

• Consider augmenting annual training with just in time training…could include short online training segments about specific topics.

Peer Practices

• Utilizing a learning management system (LMS) for on-line training courses.

• Track course enrollments and completion dates.

• Develop customized courses using government website information.

• Establish an annual requirement for on-line training.

• Offer semesterly workshops targeting the University’s research community and include guest speakers from federal partners such as DCSA, DHS, FBI.

• Include research information in a Data Governance program.

• Engage third-party subject matter expert to assist with course development.

• Use the CDSE CUI training and have individuals submit certificates

Challenges

• Utilizing a learning management system (LMS) for on-line training courses.

• Track course enrollments and completion dates.

• Develop customized courses using government website information.

• Establish an annual requirement for on-line training.

• Offer semesterly workshops targeting the University’s research community and include guest speakers from federal partners such as DCSA, DHS, FBI.

• Include research information in a Data Governance program.

• Engage third-party subject matter expert to assist with course development.

• Use the CDSE CUI training and have individuals submit certificates