The UGA CyberArch program is a cybersecurity initiative that aims to help communities and organizations improve their cyber resilience. It started as a pilot program in 2018, led by Dr. Paul Brooks and Dr. Angel Jackson, in two counties within the Archway Community program. The program offered community training, vulnerability assessments, and annual conferences on cybersecurity topics. However, the program faced challenges in scaling up and adapting to provide services to more communities throughout Georgia. In 2021, Mark Lupo, a member of the UGA CyberArch committee, explored the MIT Cybersecurity Clinic model based on a recommendation by Matt Pruitt.  The MIT cybersecurity clinic provided two missing pieces of the CyberArch puzzle. First, the clinic involved students in conducting organizational assessments and, second, the clinic model condensed the time frame to within a semester window.   Mr. Lupo contacted Dr. Larry Susskind at MIT and Ann Cleveland at U.C. Berkeley to learn more about the clinic model and join the then emerging Consortium of Cybersecurity Clinics. The UGA CyberArch committee decided to run a second pilot program using the MIT model in the spring of 2022, and received an overwhelming response from students who wanted to participate in the program. The UGA CyberArch program is an example of how UGA leverages its resources and partnerships to address the critical issue of cybersecurity in the 21st century.

In the fall of 2022, the UGA CyberArch program expanded its scope and integrated the UTSA Community Cybersecurity Maturity Model (CCSMM), which provided a nationally recognized approach, a measurement tool, and a way to track progress and impact of the program. Mark Lupo contacted Natalie Sjelin, UTSA’s Director of Training for the CCSMM, and learned how to apply the model to the UGA CyberArch program. He also required the students who applied for the program to take a course on the CCSMM through TEEX. The UGA CyberArch program recruited 24 students and 6 organizations for the fall semester and assigned them to work on different dimensions of the CCSMM, as well as secondary projects such as developing a cybersecurity conference and a website. The UGA CyberArch program also adopted a new platform called Cytex, developed by Broadstone Technologies, LLC, which streamlined the process of conducting and reporting the organizational assessments. The UGA CyberArch program is an example of how UGA adapts and innovates to provide the best cybersecurity service to its partners.

During late fall of 2022, Mr. Lupo began researching the Center for Internet Security (CIS) Controls, Version 8 and found another missing piece that these controls provided, a nationally recognized standard of cybersecurity protocols.  Using the concept of the Implementation Groups, Mark guided the student interns to focus on identifying the questions being asked currently within the MIT and UTSA CCSMM models and aligning these questions with which of the 56 safeguards that question related/aligned.  
This alignment of the CIS Controls, IG1, became one of the primary focuses of the student activity for early spring semester 2023.  The purpose of this question alignment was to help identify duplicate questions within those currently being asked as well as determining which CIS IG1 safeguards were not being addressed in the questions being asked to an organization.  Students were then guided to create additional questions that related to those safeguards not being addressed.  

Ultimately, this alignment of questions with the safeguards provides a means to map the question to the safeguard and generate a final report corresponding to the CIS controls and safeguards. The students can then provide to the organization specific recommendations to achieve compliance with the safeguards and, based on the organization’s response to the questions asked, can determine where on the maturity spectrum the organization sits and how they can best improve their cybersecurity posture.