Advanced System Security Plan Workshop (Separate Registration is Required)
One of the prevalent challenges faced by institutions engaged in regulated research is determining alignment of their interpretation of controls with those of other institutions engaged in similar activities. Given the sensitive nature of implementation decisions and the varied resources available to institutions, the primary means of addressing this challenge is traditionally through internal teams or external consulting efforts. However, when teams have been heavily involved in the development and implementation of a System Security Plan, they may inadvertently overlook crucial details or divulge excessive information in their solutions.
This advanced, full-day workshop will focus on the creation of a NIST 800-171 / CMMC Level 2 System Security Plan (SSP) through collaboration and expert input. Participants will learn whether their peers use similar implementation strategies, and they will contribute to building a framework for possible implementation strategies at a depth of information that can be generally shared. This workshop will produce a novel resource achieved from national security and compliance experts finding consensus of implementation strategies and determining best practices. Regulated Research Community of Practice (RRCoP) will provide scholarships as a sponsor. For more information: https://www.regulatedresearch.org/cppcworkshop23
Agenda: The full-day workshop will begin with the development of an enclave architecture in a collaborative setting, which will serve as the foundation for the rest of the day's activities. The morning will be dedicated to discussing implementation strategies for NIST SP 800-171 controls, with small-group consensus building and presentations for feedback from peers. In the afternoon, the focus will shift to addressing more challenging controls through small-group discussions and peer feedback. The workshop will conclude with a summary of the day's accomplishments and closing remarks.
Workshop Output: This workshop will create a portion of a SSP, developed through consensus with peer experts and documentation of a select group of controls. By focusing on the mechanics of key controls found in an 800-171 compliance SSP, institutions will have a reference document as they approach a CMMC assessment. All participants will have access to the newly created SSP and it will be available on www.regulatedresearch.org with the participants' attribution.
Participants: Participants are expected to have significant knowledge and experience with writing or owning an SSP or implementing NIST 800-171 / CMMC Level 2 controls. To improve diversity, participation from an institution will be limited, thus allowing participation from many institutions.
Schedule
Morning (3 hours)
• Introduction
• Scoping Exercise
• Controls in Small Groups
• Debrief & Discussion
Afternoon (3 hours)
• Complex controls in Small Groups
• Debrief & Discussion
• Closing & Actions to Continue
Presenters
-
Director of Information Security, Risk & Assurance, North Carolina State University
-
Louis Daher
Data Security Analyst - Michigan Engineering, University of Michigan-Ann Arbor -
Erik Deumens
Director UF Research Computing, University of Florida -
Carolyn Ellis
Director, Research Cybersecurity and Compliance, Arizona State University -
Jay Gallman
Risk Advisor, Duke University -
Laura Raderman
Team Lead, Policy and Compliance Coordinator, Carnegie Mellon University
Resources & Downloads
-
Advanced System Security Plan Workshop_Draft_Research_Institution_CommDeveloped_SSP
1 MB, pdf - Updated on 6/1/2023