CICI: UCSS: Building a Community of Practice for Supporting Regulated Research

CICI：UCSS：建立支持监管研究的实践社区

• 批准号: 2409859
• 负责人: Carolyn Ellis
• 金额: $ 49.98万
• 依托单位: Arizona State University
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2023
• 资助国家: 美国
• 起止时间: 2023-12-01 至 2025-01-31
• 项目状态: 未结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2409859&HistoricalAwards=false
• 关键词: CICI; UCSS; Building; Community; Practice

The daily news clearly shows the increasing threat to safety and privacy of data, personal as well as intellectual property. The Department of Defense modified the DFARS clause to mandate that NIST 800-171 be followed for data classified and marked as CUI in 2017. The next evolution of this program is called Cybersecurity Maturity Model Certification CMMC. Other agencies, for example, Department of Education, have indicated that they are considering following a similar path to safeguard data. While these requirements improve the consistency of data handling between agencies and contractors and grantees, it leaves academic institutions to figure out how to meet such requirements in a cost-effective way that fits the research and education mission of the institution. Most institutions, agencies, and companies act in isolation with one-off contract language to address data security and safeguarding concerns. The Regulated Research Community of Practice (RRCoP) builds a network of people able to help each other in implementing an affordable but effective cybersecurity and compliance program at academic institutions. Even though cybersecurity has a clear and uniform goal of protecting data, a onesize solution does not fit all academic institutions.Through this project, RRCoP accomplishes 1) Developing cybersecurity training resources that share validated and diverse best-practices. 2) Establishing a leadership training and development program accelerating availability of distributed university resources 3) Developing representation through strategic partnerships with industry and government entities. By supporting this community with development of a community strategic roadmap, regular discussions and workshops, and a repository of generalized and specific resources for handling regulated research programs RRCoP lowers the barrier to entry for institutions handling new regulations.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

每日新闻清楚地表明数据、个人以及知识产权的安全和隐私面临着越来越大的威胁。国防部修改了 DFARS 条款，要求 2017 年分类和标记为 CUI 的数据必须遵循 NIST 800-171。该计划的下一步发展称为网络安全成熟度模型认证 CMMC。其他机构，例如教育部，已表示他们正在考虑采取类似的途径来保护数据。虽然这些要求提高了机构、承包商和受资助者之间数据处理的一致性，但学术机构仍需要弄清楚如何以符合机构研究和教育使命的经济有效的方式满足这些要求。大多数机构、代理机构和公司都采用一次性合同语言来单独行动，以解决数据安全和保护问题。受监管研究实践社区 (RRCoP) 建立了一个能够互相帮助的人员网络，在学术机构实施负担得起但有效的网络安全和合规计划。尽管网络安全有一个明确且统一的保护数据的目标，但单一解决方案并不适合所有学术机构。通过该项目，RRCoP 实现了 1) 开发网络安全培训资源，共享经过验证的多样化最佳实践。 2) 建立领导力培训和发展计划，加速分布式大学资源的可用性。 3) 通过与行业和政府实体的战略伙伴关系发展代表性。通过制定社区战略路线图、定期讨论和研讨会以及处理受监管研究计划的通用和特定资源库来支持该社区，RRCoP 降低了处理新法规的机构的准入门槛。该奖项反映了 NSF 的法定使命，并通过使用基金会的智力优点和更广泛的影响审查标准进行评估，被认为值得支持。