Advanced System Security Plan Workshop (Separate Registration is Required)

Monday, May 01 | 8:00AM–4:00PM PT | Regency Ballroom A-C, Second Floor
Session Type: Additional Fee Program
Delivery Format: Preconference Workshop

One of the prevalent challenges faced by institutions engaged in regulated research is determining alignment of their interpretation of controls with those of other institutions engaged in similar activities. Given the sensitive nature of implementation decisions and the varied resources available to institutions, the primary means of addressing this challenge is traditionally through internal teams or external consulting efforts. However, when teams have been heavily involved in the development and implementation of a System Security Plan, they may inadvertently overlook crucial details or divulge excessive information in their solutions.

This advanced, full-day workshop will focus on the creation of a NIST 800-171 / CMMC Level 2 System Security Plan (SSP) through collaboration and expert input. Participants will learn whether their peers use similar implementation strategies, and they will contribute to building a framework for possible implementation strategies at a depth of information that can be generally shared. This workshop will produce a novel resource achieved from national security and compliance experts finding consensus of implementation strategies and determining best practices. Regulated Research Community of Practice (RRCoP) will provide scholarships as a sponsor. For more information:

Agenda: The full-day workshop will begin with the development of an enclave architecture in a collaborative setting, which will serve as the foundation for the rest of the day's activities. The morning will be dedicated to discussing implementation strategies for NIST SP 800-171 controls, with small-group consensus building and presentations for feedback from peers. In the afternoon, the focus will shift to addressing more challenging controls through small-group discussions and peer feedback. The workshop will conclude with a summary of the day's accomplishments and closing remarks.

Workshop Output: This workshop will create a portion of a SSP, developed through consensus with peer experts and documentation of a select group of controls. By focusing on the mechanics of key controls found in an 800-171 compliance SSP, institutions will have a reference document as they approach a CMMC assessment. All participants will have access to the newly created SSP and it will be available on with the participants' attribution.

Participants: Participants are expected to have significant knowledge and experience with writing or owning an SSP or implementing NIST 800-171 / CMMC Level 2 controls. To improve diversity, participation from an institution will be limited, thus allowing participation from many institutions.



Morning (3 hours)

•        Introduction

•        Scoping Exercise

•        Controls in Small Groups

•        Debrief & Discussion

Afternoon (3 hours)

•        Complex controls in Small Groups

•        Debrief & Discussion

•        Closing & Actions to Continue 


  • Damon Armour

    Director of Information Security, Risk & Assurance, North Carolina State University
  • Louis Daher

    Data Security Analyst - Michigan Engineering, University of Michigan-Ann Arbor
  • Erik Deumens

    Director UF Research Computing, University of Florida
  • Carolyn Ellis

    Director, Research Cybersecurity and Compliance, Arizona State University
  • Jay Gallman

    Risk Advisor, Duke University
  • Laura Raderman

    Policy and Compliance Coordinator, Carnegie Mellon University

Resources & Downloads

  • Advanced System Security Plan Workshop_Draft_Research_Institution_CommDeveloped_SSP

    1 MB, pdf - Updated on 6/1/2023

Full access to this content is reserved for EDUCAUSE members.

To access the full content login now or learn more about EDUCAUSE membership.