Embedded Files
May 1, 2025 Edition of Ask the Assessor: Navigating Policy Hierarchies in Support of Compliance
Abstract
One of the major challenges faced by institutions engaged in regulated research is determining how to align their interpretation of controls with those of other institutions engaged in similar activities. Given the sensitive nature of implementation decisions and the varied resources available to institutions, the primary means of addressing this challenge is traditionally through internal teams or external consulting efforts. However, when teams have been heavily involved in the development and implementation of a System Security Plan, they may inadvertently overlook crucial details or overcommit themselves to additional and unnecessary effort in their solutions.
This advanced, full-day workshop focused on the creation of key components of a NIST 800-171 / CMMC Level 2 System Security Plan (SSP) through collaboration and expert input.
This workshop produced a novel resource achieved from national experts finding consensus of implementation strategies and determining best practices. As a group, we documented responses to 42 selected controls. We encourage you to use this reference as you build your own SSP.
Authors
Emily Adams
Achraf Adenane
Ravikant Agarwal
Damon Armour
Winston Armstrong
Cornelia Bailey
Mardecia Bell
Chris Bernard
Kendall Blaylock
Terry Butcher
Christopher Cashmere
Zepu Chen
Raina Collins
Louis Daher
Tim Daniel
Ramon Delacruz
Erik Deumens
William Drake
Ryan Duitman
Kira Dunn
Robert Edamala
Carolyn Ellis
Wendy Epley
Dan Fast
Cal Frye
Jay Gallman
Enrique Garcia
Jeff Gassaway
Michael Goay
Nick Harrison
David Heidorn
Laura Heilman
Kerry Hixon
Naom Hospodarsky
Curtis Kappenman
Paul Kern
Jesse La Grew
Bob Larsen
Douglas Lewis
Lillian Maestas
Alexander Magid
Dan Mahar
Tammie McClellan
Nan McKenna
William Miaoulis
Jeff Moore
Michael Navicky
Arian Padron
Sherry Pesino
Jacqueline Pitter
Laura Raderman
Jose Ramirez
David Richardson
Robby Rollins
Anurag Shankar
Adria Snead
Cameron Walther
Andrew Weisskopf
Ronni Wilkinson
Daren Wunderlich
Mona Zarei
Institutions
Anderson University
Auburn University
Carnegie Mellon University
Case Western Reserve University
Chemeketa Community College
Clark University
Connecticut State Colleges & Universities
Cornell University
Duke University
Georgia Institute of Technology
Harvard University
Indiana University
Lafayette College
Lake Forest College
Madison Area Technical College
Mississippi State University
North Carolina Community College System
North Carolina State University
North Dakota State University
Princeton University
Purdue University
South Dakota State University
Spelman College
Stanford University
The University of Arizona
Union College
University of Alaska
University of California San Diego
University of Central Florida
University of Chicago
University of Connecticut
University of Delaware
University of Florida
University of Georgia
University of Miami
University of Michigan-Ann Arbor
University of Minnesota
University of Nebraska
University of New Mexico
University of South Carolina
University of Southern California
University of Tennessee System Office
University of Texas System
University of Utah
Vantage Technology Consulting Group
DOWNLOAD
Find the final output on EDUCAUSE's site secured behind member login. Visit: https://events.educause.edu/special-topic-events/cybersecurity-and-privacy-professionals-conference/2023/agenda/advanced-system-security-plan-workshop-separate-registration-is-required
If you are not a EDUCAUSE member, please request a copy at info@regulatedresearch.org from a .edu address.
Page updated
Google Sites
Report abuse