Update: The original Guide (published in 2014) has been replaced with the Trusted CI Framework Implementation Guide for Research Cyberinfrastructure Operators. Navigate to trustedci.org/framework to learn more. There, you’ll find more information the Framework, as well as updated tools and templates.
Guide to Developing Cybersecurity Programs for NSF Science and Engineering Projects
Read the Guide:
Click here to view the Guide, v1
Use templates to create or improve policies:
These templates are available via Google. To access, click the title. To retrieve an editable version of a template to utilize for your project, go to File > Make a copy..., and save your own.
Acceptable Use Policy Template
Access Control Policy Template
Asset Management Policy Template
Asset-Specific Access and Privilege Specification Template
Disaster Recovery Policy Template
Incident Response Policy and Procedures Template
Information Asset Inventory Template
Information Classification Policy Template
Information Security Training and Awareness Policy Template
draft v3 Master Information Security Policy and Procedures (MISPP) Template
Physical Security Policy Template
Try these forms, tables, and tools:
These tools are available via Google. To access, click the title. To retrieve an editable version of a template to utilize for your project, go to File > Make a copy..., and save your own.
Information Security Program Evaluation
Learn more from these resources:
Securing Commodity IT in Scientific CI Projects: Baseline Controls and Best Practices (Spreadsheet version)
Trusted CI "Cyber Hygiene" Information Security Training Slide Deck
Developing Cybersecurity Programs For NSF Projects Slide Deck (NSF Security Summit 2014)