Restricted data is defined as data that is governed by laws, regulations, and/or contractual agreements (see the UF Data Classification Policy). To support research that involves restricted data, UF operates a Computing Environment for Restricted Data (CERD) to meet certain obligations to laws and contractual agreements. The details of UF’s FISMA Program are described in the CERD Handbook and specification of compliance and disclaimer.
Computing environment for restricted data that is NIST 800-53 moderate and 800-171 compliant as of December 2017.
The rates for using the compliant environments for research with restricted data is calculated by counting computing and storage capacity.
UFIT Research Computing has developed a new service, ResVault. It provides a secure environment for information and research that involve electronic protected Health information (eHI) and require compliance with the Health Insurance Portability and Accountability Act (HIPAA). The high-level system architecture of ResVault is shown in the figure to the right. An overview of ResVault was presented at ResVault Day on November 9, 2017. Watch the presentation online.
ResVault also supports projects that require any of the following:
- FISMA “moderate” compliance rating
- NIST 800-53
- International Trade in Arms Regulation (ITAR) compliance
- Controlled Unclassified Information (CUI)
- Controlled Defense Information (CDI)
- NIST 800-171
- Other forms of restricted and sensitive data, such as intellectual property (IP).
Review the University’s data classification policy for more information.
The requirements to use ResVault can be found on the ResVault training page.