CICI: UCSS: Building a Community of Practice for Supporting Regulated Research

CICI：UCSS：建立支持监管研究的实践社区

• 批准号: 2115087
• 负责人: Carolyn Ellis
• 金额: $ 49.98万
• 依托单位: Purdue University
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2021
• 资助国家: 美国
• 起止时间: 2021-08-01 至 2021-11-30
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2115087&HistoricalAwards=false
• 关键词: CICI; UCSS; Building; Community; Practice

The daily news clearly shows the increasing threat to safety and privacy of data, personal as well as intellectual property. The Department of Defense modified the DFARS clause to mandate that NIST 800-171 be followed for data classified and marked as CUI in 2017. The next evolution of this program is called Cybersecurity Maturity Model Certification CMMC. Other agencies, for example, Department of Education, have indicated that they are considering following a similar path to safeguard data. While these requirements improve the consistency of data handling between agencies and contractors and grantees, it leaves academic institutions to figure out how to meet such requirements in a cost-effective way that fits the research and education mission of the institution. Most institutions, agencies, and companies act in isolation with one-off contract language to address data security and safeguarding concerns. The Regulated Research Community of Practice (RRCoP) builds a network of people able to help each other in implementing an affordable but effective cybersecurity and compliance program at academic institutions. Even though cybersecurity has a clear and uniform goal of protecting data, a onesize solution does not fit all academic institutions.Through this project, RRCoP accomplishes 1) Developing cybersecurity training resources that share validated and diverse best-practices. 2) Establishing a leadership training and development program accelerating availability of distributed university resources 3) Developing representation through strategic partnerships with industry and government entities. By supporting this community with development of a community strategic roadmap, regular discussions and workshops, and a repository of generalized and specific resources for handling regulated research programs RRCoP lowers the barrier to entry for institutions handling new regulations.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

每日新闻清楚地表明，数据、个人和知识产权的安全和隐私受到越来越大的威胁。国防部修改了DFARS条款，要求2017年分类并标记为CUI的数据必须遵循NIST 800-171。该计划的下一个演变称为网络安全成熟度模型认证CMMC。其他机构，例如教育部，已经表示他们正在考虑遵循类似的途径来保护数据。虽然这些要求改善了机构与承包商和受赠人之间数据处理的一致性，但它让学术机构弄清楚如何以符合机构研究和教育使命的具有成本效益的方式满足这些要求。大多数机构、机构和公司都以一次性合同语言孤立地行动，以解决数据安全和保障方面的问题。监管研究实践社区(RRCoP)建立了一个人员网络，能够在学术机构实施负担得起但有效的网络安全和合规计划方面相互帮助。尽管网络安全有一个明确而统一的保护数据的目标，但一刀切的解决方案并不适合所有的学术机构。通过这个项目，RRCoP完成了1)开发网络安全培训资源，共享经过验证的和多样化的最佳实践。2)建立领导力培训和发展计划，加快分散的大学资源的可获得性；3)通过与行业和政府实体的战略伙伴关系发展代表性。通过支持这个社区制定社区战略路线图、定期讨论和研讨会，以及处理受监管研究项目的一般性和具体资源库，RRCoP降低了处理新法规的机构的进入门槛。该奖项反映了NSF的法定使命，并通过使用基金会的智力优势和更广泛的影响审查标准进行评估，被认为值得支持。