Embedded Files
We'd like to hear from you!
Our research will look into 6 categories that may help determine an institution's readiness for NSPM-33.
1. Policy Interpretation & Institutional Meaning-Making
1. Policy Interpretation & Institutional Meaning-Making
Focuses on how institutions interpret and translate federal research cybersecurity expectations.
Focuses on how institutions interpret and translate federal research cybersecurity expectations.
How NSPM-33, CHIPS, NIST guidance, and agency signals are interpreted in practice
How institutions reconcile ambiguity across multiple policy sources
How leadership anticipates certification, attestation, and future scrutiny
Supports Project Objective 1 by extending the research cybersecurity landscape to include how institutions are aware of, interpret, and engage with existing policy, resources, and guidance.
2. Authority, Governance, and Accountability
2. Authority, Governance, and Accountability
Examines how responsibility and decision-making for research cybersecurity are structured and exercised.
Examines how responsibility and decision-making for research cybersecurity are structured and exercised.
How roles and authority are defined across IT, research, compliance, and academic units
How decision-making happens in decentralized environments
How cybersecurity responsibilities intersect with research security and data governance
Directly supports Project Objective 2 by examining how institutions structure governance, assign authority, and make research cybersecurity decisions.
3. Risk Framing and Decision Inputs
3. Risk Framing and Decision Inputs
Explores how institutions conceptualize and reason about cybersecurity risk in research settings.
Explores how institutions conceptualize and reason about cybersecurity risk in research settings.
How research cybersecurity risks are defined, scoped, and categorized
What frameworks or methods guide assessment practices
Who participates in risk evaluation and how those assessments inform decisions
Primarily supports Project Objective 3 by analyzing how institutions frame risk and use decision inputs to shape cybersecurity readiness.
4. Operationalization: Controls, Flexibility, and Risk Acceptance
4. Operationalization: Controls, Flexibility, and Risk Acceptance
Looks at how institutional interpretations and risk decisions are translated into operational practice.
Looks at how institutional interpretations and risk decisions are translated into operational practice.
How cybersecurity controls are selected, adapted, or scoped for research environments
How exceptions, compensating controls, and local risk acceptance are handled
How technical safeguards are implemented and justified in research workflows
Informs Project Objective 4 by synthesizing observed implementation patterns into illustrative readiness pathways and improvement trajectories.
5. Scale, Capacity, and the Researcher Interface
5. Scale, Capacity, and the Researcher Interface
Addresses how institutional context and capacity shape feasibility and researcher impact.
Addresses how institutional context and capacity shape feasibility and researcher impact.
How research cybersecurity is staffed, funded, and supported at different scales
How expectations and requirements are communicated to researchers
How institutions assess proportionality, burden, and feasibility across diverse research portfolios
Directly supports Project Objective 3 by identifying structural barriers, capacity constraints, and scale-dependent patterns that shape institutional readiness.
Page updated
Google Sites
Report abuse