In anticipation of the 2020 NSF Cybersecurity Summit, Trusted CI has released v0.9 of a chapter from the forthcoming Trusted CI Framework Implementation Guide for Research Cyberinfrastructure Operators. The chapter is focused on Must 15: Organizations must adopt and use a baseline control set. The chapter explains the nature of baseline control sets and the rationale for making adoption an absolute “Must.” It provides Research Cyberinfrastructure Operators (RCOs) a roadmap and advice on addressing this fundamental step toward a mature cybersecurity program. This chapter is the result of Trusted CI’s years of accumulated experience conducting research, training, assessments, consultations, and collaborating closely with the research community. It has been reviewed and vetted by the Framework Advisory Board.
Read on to learn more. For inquiries, please contact info@trustedci.org.
About the Trusted CI Framework
The Trusted CI Framework is a tool to help organizations establish cybersecurity programs. In response to an abundance of cybersecurity guidance focused narrowly on security controls, Trusted CI set out to develop a framework that would empower organizations to confront their own cybersecurity challenges from a mission-oriented and full organizational lifecycle perspective. Within Trusted CI’s mission is to lead development of an NSF Cybersecurity Ecosystem that enables trustworthy science, the Framework fills a gap in emphasizing these programmatic fundamentals.
The Trusted CI Framework is structured around 4 “Pillars” which make up the foundation of a competent cybersecurity program: Mission Alignment, Governance, Resources, and Controls.
Within these pillars are 16 “Musts” that identify the concrete, critical elements required for running a competent cybersecurity program. The 4 Pillars and the 16 Musts combined make up the “Framework Core,” which is designed to be applicable in any environment and for any organization and which is unlikely to change significantly over time.
About the forthcoming Framework Implementation Guide
This Framework Implementation Guide is designed for direct use by research cyberinfrastructure operators (RCOs). A “Framework Implementation Guide” (FIG) is an audience-specific deep dive into how an organization would begin implementing the 16 Musts. FIGs provide detailed guidance and recommendations and are expected to be updated much more frequently than the Framework Core.
We define RCOs as organizations that operate on-premises, cloud-based, or hybrid computational and data/information management systems, instruments, visualization environments, networks, and/or other technologies that enable knowledge breakthroughs and discoveries. These include, but are not limited to, major research facilities, research computing centers within research institutions, and major computational resources that support research computing.
Trusted CI will publish v1 of the FIG in early CY2021.
About the Framework Advisory Board
As a product ultimately designed for use in the Research and Higher Education communities, this Framework Implementation Guide is being developed with significant input from stakeholders that represent a cross section of the target audience. The Framework Advisory Board (FAB) includes 19 stakeholders with diverse interests and roles in the research and education communities. Over the course of 2020, Trusted CI’s Framework project team is engaging the FAB on a monthly basis, and the group is providing substantial critique and constructive inputs on draft material.
The Framework Advisory Board is:
Kay Avila (NCSA); Steve Barnet (IceCube); Tom Barton (University of Chicago); Jim Basney (NCSA); Jerry Brower (NOIRLab, Gemini Observatory); Jose Castilleja (NCAR / UCAR); Shafaq Chaudhry (UCF); Eric Cross (NSO); Carolyn Ellis (Purdue U.); Terry Fleury (NCSA); Paul Howell (Internet2); Tim Hudson (NEON / Battelle / Arctic); David Kelsey (UKRI/WISE); Tolgay Kizilelma (UC Merced); Nick Multari (PNNL); Adam Slagell (ESnet); Susan Sons (IU CACR); Alex Withers (NCSA / XSEDE); Melissa Woo (Michigan State U.)