Cybersecurity

NSPM directive: Agencies should require that research organizations satisfy the cybersecurity element of the research security program by applying basic safeguarding protocols and procedures as described in NSPM-33.  

Federal research agencies shall require institutions of higher education to certify that the institution will implement a cybersecurity program consistent with the cybersecurity resource for research institutions described in the CHIPS and Science Act, within one year after the National Institute of Standards and Technology (NIST) of the Department of Commerce publishes that resource.

The Center for Information Technology Services (CITS) is the central information technology organization for UMB. CITS maintains policies about the use and security of its information technology resources. All users of these resources (staff, faculty, students, and guests) are expected to be familiar with these policies and the consequences of violation. These policies have been developed to protect the confidentiality, integrity, and availability of University data.

ORD will partner with CITS to ensure baseline safeguarding protocols and procedures for information systems used to store, transmit, and conduct federally funded R&D and the protection of scientific data from ransomware and other data integrity attack mechanisms, are in place or are implemented.

UMB researchers receiving or generating CUI or export-controlled information and technology must comply with safeguarding requirements to guard against unauthorized disclosure. CITS has launched the Secure Research Environment (SRE), a new centralized virtual environment designed to protect sensitive and restricted research data. Researchers can use software programs and tools available in the SRE to conduct their research and analyses. Secure virtual desktop environments and custom compute configurations allow researchers to access sensitive data under a higher level of control and data protection. The SRE minimizes risk to the institution and Investigators of an unlawful exposure of sensitive data. In addition, a NIST 800-171 compliance policy will be applied as a default to research subscriptions. Visit CITS Research Computing for more information and to access directly the SRE Guidebook.