Monday, October 28, 2019

The Cybersecurity Maturity Model Certification (CMMC): Implications for Contracting with the Department of Defense

One of the current trends for research organizations is the increasingly prominent role of privacy and cybersecurity compliance regimes, such as NIST 800-171, HIPAA, and GDPR. Historically, these compliance regimes have focused on regulated types of data: CUI, PHI, PII, etc. However, recently the Department of Defense (DoD) has signaled a shift away from these data-specific regulations, and towards a compliance regime that sets requirements for every organization that contracts with them, regardless of data. This new compliance regime, the Cybersecurity Maturity Model Certification (CMMC), is slated to begin as soon as Fall 2020, meaning that organizations that intend to be compliant will want to begin preparing almost immediately.

2019 NSF Cybersecurity Summit wrap-up: Strength in Numbers


The 2019 NSF Cybersecurity Summit for Large Facilities and Cyberinfrastructure was a resounding success. Presentations have been posted to our website, and more will be added as they become available.

Our attendance this year was 143, up from 117 attending last year. Presentation proposals saw an increase as well this year, which allowed us to offer a greater variety of trainings and topics. Our student program also had a significant increase in applications, prompting us to include 10 students, up from 6 students last year. In 2019 we launched our new Fellows program and the Cybersecurity Technology Transition to Practice (TTP) program, both of which were included in the Summit agenda of presentations.

Each year we write a report of the Summit, the highlights, and its findings. We are in the process of drafting the 2019 report and will post it soon.

We thank all the presenters, trainers, attendees, students, Fellows, and the event coordinators who helped make this our most successful Summit to date. And finally, we thank the NSF for their support of Trusted CI and our mission to lead in the development of a cybersecurity ecosystem.

Wednesday, October 23, 2019

PSC Updates

Shane, Kathy, and Andrew at the 2019 NSF Cybersecurity Summit
Following Jim Marsteller's departure from Trusted CI, we are pleased to welcome two new Trusted CI team members from the Pittsburgh Supercomputing Center. Kathy Benninger, PSC's Manager of Networking Research, is our new lead for the Large Facilities Security Team (LFST) and is Trusted CI's new site lead for PSC. Kathy is already actively engaged with Trusted CI leadership and planning for 2020. We also look forward to January when Shane Filus, PSC Security Engineer, will join the Trusted CI team. Kathy and Shane both strengthen our connections to XSEDE.

Lastly, we are grateful for the continued participation in Trusted CI by PSC's Andrew Adams, who is taking on the role of Trusted CI's Chief Information Security Officer (CISO).

Monday, October 14, 2019

Trusted CI Webinar October 28th at 11am ET: Trends in Global Privacy: GDPR One Year Later with Scott Russell

CACR's Scott Russell is presenting the talk, "Trends in Global Privacy: GDPR One Year Later" on October 28th at 11am (Eastern).

Please register here. Be sure to check your spam/junk folder for the registration confirmation email.
The past few years have seen a resurgence of privacy laws around the globe, starting with the European Union’s General Data Protection Regulation (GDPR), but leading to proposed laws in South Korea, Brazil, and the United States. These numerous laws may be targeted at enhancing privacy, but their biggest effect has been as a source of fear and confusion for those who are being regulated. This talk will build upon last year’s GDPR webinar, introduce CCPA, and then go on to discuss trends in global privacy more broadly: what’s happening, what’s coming, and what should you do about it.
Scott Russell is a Senior Policy Analyst at the Indiana University Center for Applied Cybersecurity Research (CACR), where his work focuses on privacy and cybersecurity policy. A lawyer and researcher, Scott received his B.A. in Computer Science and History from the University of Virginia, received his J.D. from Indiana University, interned at MITRE, and served as a postdoctoral fellow at CACR.

Join Trusted CI's announcements mailing list for information about upcoming events. To submit topics or requests to present, see our call for presentations. Archived presentations are available on our site under "Past Events."

Wednesday, October 9, 2019

Trusted CI at SFSCon 2019

Group Photo of SFSCon 2019 Participants
On September 27-29, Trusted CI participated in SFSCon 2019, the third annual cybersecurity training and professional development event at Cal Poly Pomona (CPP) for the CyberCorps Scholarship for Service (SFS) students and alumni nationwide. 105 student attendees traveled to California from 42 universities across the country for this event organized by CPP Professor Mohammad Husain. In 2017, Trusted CI helped organize the CPP-CTSC SFS Cyberinfrastructure Security Workshop, the first event in this SFSCon series.

This year, Trusted CI's Barton P. Miller and Elisa Heymann provided a Software Assurance training for the students, and Trusted CI's Jim Basney and John Zage provided an Identity and Access Management training. Ishan Abhinit and Zalak Shah (CACR) also provided a Security Log Analysis training, using training materials developed by Trusted CI.

From 45 student attendees in 2017 to 105 student attendees in 2019, SFSCon is a growing success. It’s great to see the SFS program supporting the development of the next-generation cybersecurity workforce. Trusted CI is proud to have the Cal Poly Pomona Scholarship for Service project as one of our partners.

Thursday, October 3, 2019

CI CoE Pilot - NEON IdM Experiences

The Cyberinfrastructure Center of Excellence (CI CoE) Pilot project, in collaboration with Trusted CI, recently completed an identity and access management engagement with the National Ecological Observatory Network (NEON) to update the NEON Data Portal to use OpenID Connect for user authentication. A paper summarizing this engagement is available.

The goal of the CI CoE Pilot project is to develop a model for a CI CoE that facilitates community building and sharing, and applies knowledge of best practices and innovative solutions for NSF's major multi-user research facilities. One sub-component of the Pilot project is to gain experience with implementing identity management (IdM) solutions for facilities.

NEON was selected as the initial IdM engagee with the intent to assist them with moving the NEON Data Portal away from managing local user credentials and towards leveraging industry standards such as OpenID Connect (OIDC). The implementation involved transitioning to Auth0, which not only imported the existing database of Data Portal users, but also allowed users to log in with third-party OIDC Identity Providers (IdPs) Google and CILogon.