Friday, August 22, 2014

V1 of “Guide to Developing Cybersecurity Programs for NSF Science and Engineering Projects” released by CTSC

At the 2013 NSF Cybersecurity Summit Bret Goodrich, Senior Software Engineer of the Daniel K Inouye Solar Telescope(DKIST)/National Solar Observatory(NSO) approached CTSC to discuss how to develop a cybersecurity program for cyberinfrastructure projects.
He was aware of the NIST special publications on conducting risk assessments, applying controls but asked if there was a framework designed to address the unique needs of NSF funded cyberinfrastructure (CI).

At the time, no such framework existed.  After further discussions, CTSC and DKIST began a six month process to create a guide for developing cybersecurity programs crafted to the NSF cyberinfrastructure community. At the completion of this effort the collaboration produced the most comprehensive set of security resources tailored specifically for the CI community.  The guide includes over 18 supporting documents that can be used to kickstart policy development, assisting with risk assessments, data classification and more. A shared goal is to establish a framework that can be adopted by all CI projects.

The latest version of this guide and supporting documents are available on a CTSC managed Google Drive directory, and are available at

We’re encouraging CI projects to review and support the cybersecurity planning guide by applying the framework to NSF funded projects.

CTSC is seeking comments, suggestions and other feedback to improve the development of these documents for future revisions.

More information about the cybersecurity planning guide or comments to provide feedback can be directed to ‘'.