Friday, December 18, 2020

Now available: An “early look” at three additional chapters from the Trusted CI Framework Implementation Guide for Research Cyberinfrastructure Operators

Following the earlier release of the Must 15 v0.9, Trusted CI has released additional v0.9 chapters from the forthcoming Trusted CI Framework Implementation Guide (FIG) for Research Cyberinfrastructure Operators (RCOs). The chapters are:

Must 3: Organizations must establish and maintain documentation of information assets. 


Must 4: Organizations must establish and implement a structure for classifying information assets as it relates to the organization’s mission. 


Must 16: Organizations must select and deploy additional and alternate controls as warranted. 

These chapters provide RCOs with roadmaps and advice on addressing fundamental steps toward establishing a mature cybersecurity program. The chapters are the result of Trusted CI’s years of accumulated experience conducting research, training, assessments, consultations, and collaborating closely with the research community. They have been reviewed and vetted by the Framework Advisory Board. 

Trusted CI will publish v1.0 of the complete FIG on March 1, 2021.

Read on to learn more. For the latest information about the Framework, please see and consider subscribing to Trusted CI’s announce email list. For inquiries, please contact

About the Trusted CI Framework

The Trusted CI Framework is a tool to help organizations establish cybersecurity programs. In response to an abundance of guidance focused narrowly on cybersecurity controls, Trusted CI set out to develop a framework that would empower organizations to confront their own cybersecurity challenges from a mission-oriented and full organizational lifecycle perspective. Within Trusted CI’s mission is to lead the development of an NSF Cybersecurity Ecosystem that enables trustworthy science: the Framework fills a gap in emphasizing programmatic fundamentals.

The Trusted CI Framework is structured around 4 “Pillars” which make up the foundation of a competent cybersecurity program: Mission Alignment, Governance, Resources, and Controls

Within these pillars are 16 “Musts” that identify the concrete, critical elements required for running a competent cybersecurity program. The 4 Pillars and the 16 Musts combined make up the “Framework Core,” which is designed to be applicable in any environment and for any organization and which is unlikely to change significantly over time.

About the forthcoming Framework Implementation Guide

A “Framework Implementation Guide” (FIG) is an audience-specific deep dive into how an organization would begin implementing the 16 Musts. FIGs provide detailed guidance and recommendations and are expected to be updated much more frequently than the Framework Core.

This Framework Implementation Guide is designed for direct use by research cyberinfrastructure operators. We define RCOs as organizations that operate on-premises, cloud-based, or hybrid computational and data/information management systems, instruments, visualization environments, networks, and/or other technologies that enable knowledge breakthroughs and discoveries. These include, but are not limited to, major research facilities, research computing centers within research institutions, and major computational resources that support research computing.

About the Framework Advisory Board (FAB)

As a product ultimately designed for use in the Research and Higher Education communities, this Framework Implementation Guide is being developed with significant input from stakeholders that represent a cross-section of the target audience. The Framework Advisory Board (FAB) includes 19 stakeholders with diverse interests and roles in the research and education communities. Over the course of 2020, Trusted CI’s Framework project team is engaging the FAB on a monthly basis, and the group is providing substantial inputs on the draft material. 

The Framework Advisory Board is:

Kay Avila (NCSA); Steve Barnet (IceCube); Tom Barton (University of Chicago); Jim Basney (NCSA); Jerry Brower (NOIRLab, Gemini Observatory); Jose Castilleja (NCAR / UCAR); Shafaq Chaudhry (UCF); Eric Cross (NSO); Carolyn Ellis (Purdue U.); Terry Fleury (NCSA); Paul Howell (Internet2); Tim Hudson (NEON / Battelle / Arctic); David Kelsey (UKRI/WISE); Tolgay Kizilelma (UC Merced); Nick Multari (PNNL); Adam Slagell (ESnet); Susan Sons (IU CACR); Alex Withers (NCSA / XSEDE); Melissa Woo (Michigan State U.)