Trusted CI Launches “Operation Framework Cohort” to Accelerate Framework Adoption Across NSF

During the first half of 2022, Trusted CI is engaging with NSF Major Facilities by supporting a newly-established cohort that has committed to adopting and implementing [1] the Trusted CI Framework. Members of the cohort will work closely with Trusted CI staff through a series of workshops enabling Framework adoption. The outcome at the end of the engagement period will be for each cohort member to have adopted the Trusted CI Framework and to emerge possessing a validated assessment of their cybersecurity program along with a strategic plan detailing their path to fully implement each Framework Must. 

The cohort pilot officially begins in January 2022 and will include the following NSF Major Facilities:

• Geodetic Facility for the Advancement of Geoscience (GAGE)
• Laser Interferometer Gravitational-wave Observatory (LIGO)  
• National Optical-Infrared Astronomy Research Laboratory (NOIRLab)
• National Radio Astronomy Observatory (NRAO)
• National Solar Observatory (NSO)
• Ocean Observatories Initiative (OOI)

The Trusted CI Framework is a resource to help organizations establish and refine their cybersecurity programs. It is the product of Trusted CI’s many years of accumulated experience conducting cybersecurity research, training, assessments, consultations, and collaborating closely with the research community. In March 2021 Trusted CI published the Trusted CI Framework Implementation Guide (FIG) for Research Cyberinfrastructure Operators as the standard for cybersecurity programs among NSF funded organizations. Publishing the FIG represented a major step forward in advancing Trusted CI’s mission to enable trustworthy science through cybersecurity guidance, templates, and tools, empowering those projects to focus on their science endeavors.

Now that the FIG has been published, Trusted CI’s aim is to help facilitate Framework adoption and implementation across the broader NSF community. To fully realize the cybersecurity benefits provided by Framework implementation, community adoption must be facilitated at a much faster pace than is possible through the traditional one-on-one engagements undertaken by Trusted CI. To address this challenge, Trusted CI launched the “cohort” approach, where representatives from multiple NSF Major Facilities will participate in a group engagement with Trusted CI focused on adoption and implementation of the Framework. 

Trusted CI anticipates the cohort project will span from CY2021 to CY2024 to reach the 25-30 NSF Major Facilities and other NSF research programs targeted for this effort. Trusted CI leadership will discuss the timing and plans for future cohorts in early spring based on the progress and success of this pilot. As Trusted CI gains experience from this initial Framework Cohort, we will keep the community informed of upcoming plans and opportunities for additional facilitated Framework adoption. 

[1]  “Adoption” refers to an organizational commitment to use the Framework as the foundation for its cybersecurity program, and to make the Musts a strategic priority. Adoption is designed to be a low bar, and does not require any implementation. “Implementation” refers to bringing all Musts to (at least) a minimum level of competence. This is a longer term goal.