How roles and authority are defined across IT, research, compliance, and academic units

How decision-making happens in decentralized environments

How cybersecurity responsibilities intersect with research security and data governance

How research risks are conceptualized and categorized

What frameworks or methods guide assessment practices

How often risks are assessed and who participates in the process

How control decisions are made and justified

How compensating controls are used when standard practices do not fit

How technical safeguards like MFA, EDR, and incident response are applied in research environments

How NSPM-33, CHIPS, NIST guidance, and NSF controls are interpreted

How institutions anticipate meeting attestation requirements

What concerns or readiness gaps leadership perceives

How training and researcher-facing guidance are delivered

Where cultural or workflow barriers exist

How institutions plan to implement researcher attestation

How expertise, tools, and support structures are organized

How resource models change based on institutional size and research portfolio

How institutions determine what is feasible and proportional for their environment