Friday, August 22, 2014

V1 of “Guide to Developing Cybersecurity Programs for NSF Science and Engineering Projects” released by CTSC

At the 2013 NSF Cybersecurity Summit, Bret Goodrich, Senior Software Engineer of the Daniel K Inouye Solar Telescope (DKIST)/National Solar Observatory (NSO), approached CTSC to discuss how to develop a cybersecurity program for cyberinfrastructure projects.
He was aware of the NIST special publications on conducting risk assessments and applying controls, but asked if there was a framework designed to address the unique needs of NSF-funded cyberinfrastructure (CI).

At the time, no such framework existed. After further discussions, CTSC and DKIST began a six-month process to create a guide for developing cybersecurity programs tailored to the NSF cyberinfrastructure community. At the completion of this effort, the collaboration had produced the most comprehensive set of security resources tailored specifically for the CI community. The guide includes over 18 supporting documents that can be used to kickstart policy development and assist with risk assessments, data classification and more. A shared goal is to establish a framework that can be adopted by all CI projects.

The latest version of this guide and its supporting documents are kept in a CTSC-managed Google Drive directory and are available at trustedci.org/guide.

We’re encouraging CI projects to review and support the cybersecurity planning guide by applying the framework to NSF-funded projects.

CTSC is seeking comments, suggestions and other feedback to improve the development of these documents for future revisions.

Requests for more information about the cybersecurity planning guide, as well as comments and feedback, can be directed to info@trustedci.org.

2 comments:

  1. Jim,

    Is there a mechanism for comment on these? Some of the provisions of the policy sections might get projects into trouble when they try to cooperate across international boundaries, for example, and others are highly optional.

  2. Hello Alan, it can be quite challenging to reconcile international policy with domestic (privacy pops to the top for me). And yes, we are seeking comments and feedback on the guide. Please use the 'info@trustedci.org' email to share your comment/thoughts.

    Thanks,

    Jim
