Compliance Programs

Below is a collection of materials related to the topic of compliance programs and government regulations that impact information security.

• The Regulated Research Community of Practice project provides guidance and support for compliance programs and operates the HigherEdCUI Slack Channel. Visit https://www.regulatedresearch.org/subscribe for details.

• The Higher Education Regulated Research Workshop Series published a Report in July, 2021.

• The HEISC 800-171 Community Group: The purpose of this group is to provide a forum to discuss NIST 800-171 compliance. Participants are encouraged to collaborate and share effective practices and resources that help higher education institutions prepare for and comply with the NIST 800-171 standard as it relates to Federal Student Aid (FSA), CMMC, DFARS, NIH, and NSF activities.

• National Center for Supercomputing Applications (NCSA) at the University of Illinois blog series on SOC 2 certification

• October 2020: Cybersecurity Maturity Model Certification (CMMC) with Scott Russell (Video) (Slides)

• October 2019 Webinar: Trends in Global Privacy: GDPR One Year Later with Scott Russell (Video) (Slides)

• Facilitating Technical Compliance Through the Development of a New IT Role - https://doi.org/10.1145/3219104.3219116

• May 2019: A Practical Cybersecurity Framework for Open Science Projects and Facilities. Presented to the 2019 Great Plains Network All Hands Meeting. By Kay Avila, Bob Cowles, and Craig Jackson. (Slides)

• May 2019: Building a NIST Risk Management Framework for HIPAA, CUI, and FISMA. Presented to the 2019 Great Plains Network All Hands Meeting. By Ryan Kiser and Anurag Shankar. (Slides)

• April 2019 Webinar: REED+: A cybersecurity framework for research data at Purdue University with Preston Smith (Video) (Slides)

• August 2018 Webinar: NIST 800-171 Compliance Program at University of Connecticut with Jason Pufahl (Video) (Slides)

  • UConn Secured Research Infrastructure (SRI)

• May 2018 Webinar: General Data Protection Regulation (GDPR) with Scott Russell (Video) (Slides)

• NIST SP 800-171 and its potential impact on NSF science

• April 2017 Webinar: HIPAA and FISMA: Computing with Regulated Data with Susan Ramsey & Anurag Shankar (Video) (Slides)

• EDUCAUSE IT Governance, Risk, and Compliance Program

• EDUCAUSE EU General Data Protection Regulation (GDPR)

Videos

Blog posts

Check out our Trusted CI blog posts related to compliance programs.