Introduction to CUI, NIST SP 800-171, and CMMC: We will begin with an overview of CUI and the need for safeguarding it. This will include an explanation of NIST SP 800-171 in providing guidelines for protecting CUI on nonfederal systems and then discuss the Cybersecurity Maturity Model Certification (CMMC) as a framework for ensuring adequate cybersecurity practices and processes.
Types of CUI in University Research: We will discuss the types of CUI universities might generate, use, or store, especially in research projects requiring supercomputer resources.
Scenarios: We will walk through hypothetical scenarios where CUI might be at risk in a university setting, illustrating how NIST SP 800-171 and CMMC requirements apply.
Special Considerations for AI/ML and Large Language Models (LLMs): A discussion of strategies for protecting CUI in these contexts, including data segmentation, access controls, and encryption.
CUI Enclaves and Effective Scoping: We will explain the concept of a CUI enclave as a dedicated environment for handling CUI. Outline steps for effectively scoping such environments, including asset inventory, categorization, and creating network diagrams to ensure compliance with CMMC and NIST SP 800-171 standards.
Responsibility and Accountability: We will lay out the roles and responsibilities within universities. Discuss how prime contractors and subcontractors are required to maintain comparable CMMC levels when handling similar types of CUI, highlighting the collaborative nature of compliance efforts.
Repercussions of Non-Compliance: Detail the potential consequences of failing to adhere to CMMC and NIST SP 800-171 requirements (See FCA filings against Georga Tech & Penn State), including loss of funding, reputational damage, and legal ramifications.
Conclusion and Call to Action: Reiterate the criticality of safeguarding CUI in academic research utilizing shared supercomputing resources. Encourage ongoing education, collaboration, and investment in cybersecurity to meet and exceed the standards set forth by CMMC and NIST SP 800-171.
Create a custom schedule.
Take it with you on mobile.
Get listed in the directory.
