As previously discussed, NCSA’s Advanced Computing Healthcare Enclave is undergoing a SOC 2 examination. This blog series will document our experiences, lessons learned and best practices.

During the initial drafting of our narrative and controls it became quickly apparent that a SOC 2 examination cannot be limited to security and policy staff. You will not have an accurate narrative of our system and organizational controls without the input, knowledge and experience of the entire organization. To ensure that everyone was on board and providing the information and input we needed, we assigned broad control categories to division heads and/or group leaders as appropriate. Collecting the controls and processes involved both security policy staff and the control group assignees. Moreover, this would also involve the individual staff who were most familiar with the implementation of these controls and processes, and the security staff who ensured that they were properly implemented.

Further, each control needs to be regularly tested. The reason for this is two-fold. First, internal monitoring provides assurance that our controls are operating as expected, and that we remain in compliance and mitigate risks. Second, the outputs of regular testing create a repository of documented evidence that controls are operating. This is especially necessary for the Type 2 examination, which assesses how controls are operating over a period of time. Collecting the evidence throughout the review period avoids a last-minute collection of documentation for all controls at the end of the review. The frequency of testing a particular control depends on how often the control operates (continuously, monthly, annually, etc.), availability of resources to perform the tests, and our risk tolerance. For example, we may choose to test newer or more complex controls more often than well-established controls we can better trust are operating.

Due to the sheer number of controls and staff, coordinating overall responsibilities and area ownership can very quickly get out of hand. NCSA’s approach evolved gradually from simple spreadsheets to collaborative tables in a wiki space to a custom GRC tool (of which more will be discussed in future posts). An example spreadsheet entry would look like:

While this could easily be done in a collaborative tool like Google Spreadsheets, it becomes difficult over time to track ownership, testing, and status of the controls. One reason is that it relies on either the control owner or tester to maintain the status of their respective controls within the spreadsheet. Another major factor is that spreadsheets do not enforce a workflow. For example, if a control is being tested and the test fails, then we must rely on the editor to properly annotate that control and set its status appropriately.

Another tool that can be used to track controls and processes is a collaborative wiki tool such as Atlassian’s Confluence. While a tool such as Confluence provides good integration with documentation for a control catalog, it only alleviates some of the problems described above. In the end it places the primary burden on the staff to manage their respective controls, which can lead to a messy situation in which controls are not properly tested or documented.

In the next post we’ll outline a workflow for how we’ve managed our controls and processes being examined during our SOC 2 Type 2 phase.

Photo by JD MaloneyNCSA’s Advanced Computational Health Enclave (ACHE) is a multi-tenant environment providing high-performance computing (HPC) for research involving electronic Protected Health Information (ePHI). NCSA follows HIPAA standards and has implemented a set of security controls to ensure the protection of ePHI.

As a validation of our controls, NCSA is pursuing a SOC 2 Type 2 certification for its ACHE environment. A SOC 2 is an assessment of a service organization’s system and organizational controls. These internal controls, including policies, business processes, and technical controls, are assessed according to one or more of the AICPA’s Trust Service Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy. 

To become SOC 2 Type 2 certified, a service organization undergoes a third-party auditing procedure which examines both the design and operating effectiveness of the controls. During the evaluation, the service organization presents evidence that controls are well-designed, sufficiently meet the relevant Trust Service Criteria, and are operating as expected over time.

In this first certification process NCSA will be evaluated over a six-month period. Beginning July 1, 2020, we are documenting our controls, periodically testing them, collecting operational evidence, and mitigating non-compliance, following a methodology similar to internal compliance management. In this blog series we will describe the systems and methods we have set up including how we keep track of our controls, how we test our controls, and workflows we have configured to manage evidence collection. As we go through the attestation process we will also note lessons learned and how we will adjust our processes in the future.

Why do kitchen gadgets appear on Facebook after looking up recipes online, or ads for running shoes pop up after searching for new training tips? How is it that the Internet seems to know so much about our interests? These kinds of experiences are due to the ubiquitous and much less tasty cousin of the chocolate chip cookie: the web cookie. This talk will cover the basic concepts behind cookies, the upside of how they can be beneficial to you, and the downside of how they're also used to track your web browsing habits to tailor marketing. Finally, suggestions will be provided for taking back some privacy and control. This talk is presented by Kay Avila, Sr. Security Engineer at NCSA. This presentation will be recorded.


Slides: ChipsAnnoy-KayAvila-2020Aug18.pdf

Learn more about CSD:
Learn more about NCSA:

Members of NCSA's Cybersecurity Directorate (CSD) will be presenting a workshop, a paper, and two posters at PEARC20. Below is a summary of our activities, we hope you join us for them. 

“It’s my pleasure to welcome Scott Koranda back to NCSA as a part-time senior research scientist in our cyberinfrastructure security research (CISR) group,” said Jim Basney, who leads the CISR group in NCSA’s Cybersecurity Division. Scott worked at NCSA back in the late 90s as part of NCSA’s HPC consulting group, before he left NCSA to join LIGO. Since then, Scott has been a senior scientist at the University of Wisconsin-Milwaukee (UWM) and a partner at Spherical Cow Group (SCG). Scott will continue his work with UWM and SCG while joining NCSA part-time.

Scott brings a wealth of experience and expertise to NCSA on the topic of identity and access management (IAM) for international science projects. Jim and Scott were PI and co-PI on CILogon 2.0, an NSF funded project to add the collaboration management capabilities of COmanage to NCSA’s CILogon service, resulting in an integrated IAM platform for science projects that NCSA now offers as a non-profit subscription service. Scott’s new role at NCSA enables him to devote more attention to the support and growth of the CILogon service.

“Scott is a very valuable addition to our team and really grows NCSA’s expertise in cybersecurity and identity management research,” said Alex Withers, who is NCSA’s chief information security officer and the manager of NCSA’s Cybersecurity Division. Jim added, “I met Scott back when he was at NCSA and I was a graduate student on the HTCondor project, and he’s been a valued research collaborator of mine ever since. Our ability to recruit Scott back to NCSA is a testament to our shared vision for CILogon’s growing role in meeting the IAM needs of research collaborations to enable scientific discovery."

We are hiring!

NCSA's cybersecurity group has multiple open positions. Join our team to work on cutting edge software and projects that help secure cyberinfrastructure for national and international science and engineering research communities. To view the job postings and apply, click the corresponding links below.

This event has already occurred. The video has been posted to YouTube.

The Cybersecurity and Networking Division (CSND) at the National Center for Supercomputing Applications (NCSA), a department of the University of Illinois at Urbana-Champaign, is hosting virtual office hours for Illinois K-12 teachers next Wednesday, April 22nd from 3pm - 5pm Central time.

The session will cover various cybersecurity topics, from protecting yourself from spearfishing, scams, and malware; to password hygiene, especially while working remotely during the pandemic. Office hours will begin with a slideshow presentation from NCSA security staff, followed by a question and answer session over chat.

If you are not able to join the presentation at 3pm, you are welcome to hop in later to ask questions, or view the recording afterwards. 

PDF copy of the slides

Presentations are recorded and include time for questions with the audience.

For questions about the presentation, or security in general, contact

To learn more about security at NCSA, see our websiteour Github, and follow us on Twitter at @NCSASecurity.

On Wednesday, members of the NCSA security team gave a group presentation on different topics impacting NCSA staff and assets. The talk began with Security Engineer Paul Guder reviewing helpful tips for generating and managing passwords. Next, Lead Security Engineer Chris Clausen shared the various tools they use to conduct vulnerability scanning. Then, Sr. Security Engineer Kay Avila reviewed DUO, the two-factor authenticator used for protecting NCSA assets. And, Sr. Security Engineer Leandro Avila-Diaz gave a refresher on email phishing scams that commonly occur in a work environment. Paul ended the presentation by directing people to the Security Operations Wiki, highlighting resources the security team have put together to help support and educate staff. 

PDF copy of the slides: NCSA IRST Lightning Talks Lunch (1).pdf

This talk was the first of a quarterly series in 2020. Contact Jeannette Dopheide for suggestions on future topics.

For questions about the presentation, or security in general, contact

To learn more about security at NCSA, see our websiteour Github, and follow us on Twitter at @NCSASecurity.

NCSA's cybersecurity group has an opening for a cybersecurity policy specialist. Join our team to work on cutting edge software and projects that help secure cyberinfrastructure for national and international science and engineering research communities. To view the full post and apply, click the corresponding link below.

NCSA's cybersecurity group is hiring research scientists. Join our team to work on cutting edge software and projects that help secure cyberinfrastructure for national and international science and engineering research communities. To view full post and apply, click the corresponding link below. 

Research Scientist - National Center for Supercomputing Applications (111608)

CSND at #TechEX19

NCSA's Cybersecurity and Networking Division (CSND) will be participating in the 2019 Internet2 Technology Exchange (TechEX19) meeting. Corey Eichelberger will be presenting on Approaches To High Resolution Network Telemetry & Analytics With Machine Learning on Tuesday, December 10 at 09:20am. Kapil Agrawal will be presenting a short tutorial on "RESTful ain't Stressful" discussing RESTful interfaces and API's from a network operator's point of view on Monday, December 9th at 3:30PM and a presentation on Automated Provisioning & Orchestration for Vendor-Agnostic Networks on Thursday, December 12 at 3:10pm. And, Jim Basney will be representing NCSA's CILogon project in the Federated Identity Management for Research (FIM4R), Research and Education FEDerations (REFEDS), and The Americas Policy Management Authority (TAGPMA) sessions. We hope to see you there!

Lead Security Engineer Chris Clausen gave the November security talk to NCSA staff today. The presentation focused on security tips for travelers, especially those who travel with work devices, or need access NCSA/campus resources while traveling. A PDF copy of the slides is available here.

CSND is working on a page for NCSA staff to share and update this information; it is currently under construction. 

This talk was the our last presentation for 2019. We will resume the quarterly security talks in the spring. Please contact Jeannette Dopheide if you have a suggestion for a future topic.

If you have questions about the presentation or security in general, please contact us at

To learn more about security at NCSA, see our website. To learn more about software development at NCSA, see our Github. And follow us on Twitter at @NCSASecurity.

Illinois graduate student Yuming Wu recently attended the 2019 Grace Hopper Celebration (GHC ’19) and was awarded 3rd place at Cisco's IoT Hackathon. Yuming's award included speaking time to briefly present a summary of her research to the GHC audience and an offer to intern with Cisco's IoT team in 2020. Youming is a Computer Engineering student. Her research is supported through a partnership between NCSA and the Coordinated Science Laboratory's (CSL) Depend Lab. It includes auditing and mitigation of SSH brute-force attacks, and applying machine learning to detect intrusions, such as APTs.

The National Science Foundation (NSF) has awarded a $12.5m renewal grant to Trusted CI, the Cybersecurity Center of Excellence (CCoE). The renewal award will fund the Center through 2024. “The dynamic, open, and distributed nature of scientific collaboration introduces unique cybersecurity challenges for scientific cyberinfrastructure,” said NCSA’s Jim Basney, who serves as deputy director of Trusted CI. “With our focus on cybersecurity for NSF science, Trusted CI provides leadership and guidance that addresses these unique challenges.”

More details about Trusted CI, and its goals for the next five years, are available in the NCSA press release.

On September 27-29, CSND's Jim Basney and John Zage participated in SFSCon 2019, the third annual cybersecurity training and professional development event at Cal Poly Pomona (CPP) for the CyberCorps Scholarship for Service (SFS) students and alumni nationwide. 105 student attendees traveled to California from 42 universities across the country for this event. Jim and John provided an Identity and Access Management training, using materials developed by Trusted CI. Jim also served on a cybersecurity career panel to discuss job opportunities (see NCSA Careers for our current openings). NCSA was a sponsor of the event.

Group Photo of SFSCon 2019 Participants