Draft Research Institution Community Developed SSP

Abstract

One of the major challenges faced by institutions engaged in regulated research is determining how to align  their interpretation of controls with those of other institutions engaged in similar activities. Given the sensitive nature of implementation decisions and the varied resources available to institutions, the primary means of addressing this challenge is traditionally through internal teams or external consulting efforts. However, when teams have been heavily involved in the development and implementation of a System Security Plan, they may inadvertently overlook crucial details or overcommit themselves to additional and unnecessary effort  in their solutions.

This advanced, full-day workshop focused on the creation of key components of a NIST 800-171 / CMMC Level 2 System Security Plan (SSP) through collaboration and expert input. 

This workshop produced a novel resource achieved from national experts finding consensus of implementation strategies and determining best practices.  As a group, we documented responses to 42 selected controls. We encourage you to use this reference as you build your own SSP.

Authors

Emily Adams

Achraf Adenane

Ravikant Agarwal

Damon Armour

Winston Armstrong

Cornelia Bailey

Mardecia Bell

Chris Bernard

Kendall Blaylock

Terry Butcher

Christopher Cashmere

Zepu Chen

Raina Collins

Louis Daher

Tim Daniel

Ramon Delacruz

Erik Deumens

William Drake

Ryan Duitman

Kira Dunn

Robert Edamala

 

Carolyn Ellis

Wendy Epley

Dan Fast

Cal Frye

Jay Gallman

Enrique Garcia

Jeff Gassaway

Michael Goay

Nick Harrison

David Heidorn

Laura Heilman

Kerry Hixon

Naom Hospodarsky

Curtis Kappenman

Paul Kern

Jesse La Grew

Bob Larsen

Douglas Lewis

Lillian Maestas

Alexander Magid

Dan Mahar

 

Tammie McClellan

Nan McKenna

William Miaoulis

Jeff Moore

Michael Navicky

Arian Padron

Sherry Pesino

Jacqueline Pitter

Laura Raderman

Jose Ramirez

David Richardson

Robby Rollins

Anurag Shankar

Adria Snead

Cameron Walther

Andrew Weisskopf

Ronni Wilkinson

Daren Wunderlich

Mona Zarei

Institutions

Anderson University
 Auburn University
 Carnegie Mellon University
 Case Western Reserve University
 Chemeketa Community College
 Clark University
 Connecticut State Colleges & Universities
 Cornell University
 Duke University
 Georgia Institute of Technology
 Harvard University
 Indiana University
 Lafayette College
 Lake Forest College
 Madison Area Technical College
 Mississippi State University
 North Carolina Community College System
 North Carolina State University
 North Dakota State University
 Princeton University
 Purdue University
 South Dakota State University

Spelman College



Stanford University
 The University of Arizona
 Union College
 University of Alaska
 University of California San Diego
 University of Central Florida
 University of Chicago
 University of Connecticut
 University of Delaware
 University of Florida
 University of Georgia
 University of Miami
 University of Michigan-Ann Arbor
 University of Minnesota
 University of Nebraska
 University of New Mexico
 University of South Carolina
 University of Southern California
 University of Tennessee System Office
 University of Texas System
 University of Utah
 Vantage Technology Consulting Group

DOWNLOAD

Find the final output on EDUCAUSE's site secured behind member login. Visit: https://events.educause.edu/special-topic-events/cybersecurity-and-privacy-professionals-conference/2023/agenda/advanced-system-security-plan-workshop-separate-registration-is-required 

If you are not a EDUCAUSE member, please request a copy at info@regulatedresearch.org from a .edu address.