The second half of 2025 was incredibly productive for the Trusted CI team. After a successful cohort in the first half of 2025, Trusted CI shifted efforts to piloting two new kinds of assessments: a Trusted CI Framework reassessment for organizations who previously participated in a Trusted CI Framework cohort program and a Cybertrack+ Assessment with NOIRLab focused on assessing the most important cybersecurity controls.
Trusted CI Framework Reassessment Cohort Pilot
This pilot was a three month group engagement where previous cohort graduates had their cybersecurity programs re-assessed by Trusted CI, culminating in new ratings for each of the Framework’s 16 Musts and updated strategic recommendations. The Framework reassessment cohort was designed to be lighter-weight than the original Framework cohort, allowing organizations who are already well-versed in the Framework to quickly engage with Trusted CI, while preserving the opportunity to meet and learn from one’s peer organizations in a small-group environment. The pilot brought five NSF-sponsored organizations together for opportunities to share their experiences: Corporation for Education Network Initiatives in California (CENIC), Network for Advanced NMR (NAN), US National Science Foundation National Optical-Infrared Astronomy Research Laboratory (NOIRLab), National Solar Observatory (NSO), and Ocean Observatories Initiative (OOI).
 |
| CENIC reassessment presentation |
Each organization had the opportunity to collaborate with other participants at the in-person Reassessment Workshop during the 2025 NSF Cybersecurity Summit in Boulder, CO. During the workshop, organizations presented on their mission and cybersecurity program, highlighted major changes from their previous assessment, as well as successes, challenges, and lessons learned. The group also held a hotwash on their experience with the reassessment cohort to help Trusted CI improve the program going forward.
“Participating in the Framework reassessment cohort pilot was a worthwhile experience that not only allowed the OOI to reengage with and learn from our Trusted CI and Major Facility colleagues but also to reflect on and better quantify all of the hard work that has gone into improving the OOI cybersecurity program since it was assessed in 2022 as part of the inaugural Framework cohort.” –Craig Risien, Ocean Observatories Initiative
 |
| Reassessment Workshop in Boulder, CO |
Trusted CI Cybertrack+ Assessment Pilot with NOIRLab
Over last summer, Trusted CI kicked off a pilot assessment focused on assessing the most important cybersecurity controls. To do this, Trusted CI adopted the Cybertrack Assessment Methodology: This assessment methodology was developed through a partnership between Purdue University and Indiana University, with sponsorship from the Indiana Office of Technology. These assessments evaluate the most powerful cybersecurity fundamentals leveraging the Trusted CI Framework and CIS Controls, and provide actionable advice to improve an organization's cybersecurity posture. Cybertrack+ assessments expand this methodology to incorporate additional CIS Safeguards that are most important for operational technology (OT). In future assessments, Trusted CI plans to tailor the methodology to include the NSF Critical Controls that subsequently appeared in the 2025 NSF Research Infrastructure Guide.
Trusted CI engaged with NOIRLab to test the assessment on a research infrastructure organization. The Trusted CI Team worked with NOIRLab over a period of about two months, conducting written discovery and meeting for a fact finding session to clarify any outstanding details. At the end of this pilot, NOIRLab received an assessment report with prioritized recommendations to improve its controls implementation.
"The results of the Trusted CI Cybertrack+ Assessment included 5 top recommendations that will have an immediate impact on our cybersecurity posture. The rest of the report will help drive future projects that will further secure our research infrastructure. This was much more painless than other assessments, with better, more focused recommendations." –Jerry Brower, NOIRLab
The success of both the reassessment cohort and the Cybertrack+ pilot was significantly amplified by strong collaboration among all participants and the Trusted CI team. Trusted CI extends its sincere thanks to all participants for their commitment, time, and helpful contributions throughout these pilot assessments.
