Certain types of federal data (Pre-CUI)
The Federal Information Security Management Act (FISMA) requires federal agencies and those providing services on their behalf to develop, document and implement security programs for information technology systems and store the data on U.S. soil. This means that, under some federal contracts or grants, information the university collects or information systems that the university uses to process or store research data need to comply with FISMA.
Whether data is regulated by FISMA is typically called out in a Request for Proposal (RFP) or in contract or grant language. It is important that researchers review grant and contract language closely to identify FISMA or other information security requirements.
Examples
Examples of research work that might be regulated by FISMA include research in which data is provided by federal organizations such as:
- National Institutes of Health
- NASA
- Department of Veterans Affairs
Protection Level
- IT Policies
- Data and IT Resource Classification
- Protection Levels for UC Institutional Information
- Security Web Site
- Availability Levels for UC Institutional Information
- IT Policy Glossary
- IS-3: Information Security Policy
- IS-12: IT Recovery Policy
Need Help?
Call: (831) 459-HELP (9-4357)
Email: help@ucsc.edu
