Published March 1, 2021 | Version 1.0
Book Open

The Trusted CI Framework Implementation Guide for Research Cyberinfrastructure Operators

Description

The Trusted CI Framework is a tool to help organizations establish and refine their cybersecurity programs. In response to an abundance of guidance focused narrowly on cybersecurity controls, Trusted CI set out to develop a new framework that would empower organizations to confront cybersecurity from a mission-oriented, programmatic, and full organizational lifecycle perspective. Rather than rely solely on external guidance (which isn’t tailored to the organization’s mission and which may lack evidence of efficacy), the Trusted CI Framework recommends that organizations take control of their cybersecurity the same way they would any other important business concern: by adopting a programmatic approach. This framework is designed to be understandable and usable by cybersecurity experts and non-experts alike.

Cybersecurity programs offer a number of benefits that cannot be achieved by simply implementing controls. Well-administered cybersecurity programs are: 

  1. Focused on the organization’s mission: Cybersecurity programs are tailored to the needs, priorities, and risk tolerance of the organization and its mission. 

  2. Ongoing and evolving: Cybersecurity programs evolve with the organization as the organization matures. They include processes to adapt to changes in the organization’s key assets, available resources, and place in the organizational lifecycle. 

  3. About more than technology: Cybersecurity programs address the full scope of cybersecurity decision making, including resourcing, governance, mission alignment, and control selection.

The Trusted CI Framework is structured around 4 Pillars that make up the foundation of a competent cybersecurity program: Mission Alignment, Governance, Resources, and Controls. These pillars are composed of 16 Musts that identify the concrete, critical requirements for establishing and running a competent cybersecurity program. Together, the 4 Pillars and the 16 Musts make up the Framework Core, which is designed to be applicable in any environment and useful for any organization.

Visit https://www.trustedci.org/ to learn more about Trusted CI and its mission, and https://www.trustedci.org/framework to learn more about the Trusted CI Framework.

Files

The Trusted CI Framework Implementation Guide v1.0.pdf

Files (2.2 MB)