Restricted Research Data
Restricted Research Data can be any research data—or specifically designated administrative support data—that has restrictions, specific protection requirements, or distribution limitations as prescribed by law, regulation, government-wide policy, or contractual obligation. Examples of restricted research data include, but are not limited to: Covered Defense Information (CDI), Federal Contract Information (FCI), Controlled Unclassified Information (CUI), Sensitive Personally Identifiable Information (PII), Proprietary Information, and Personal Health Information (PHI). These information classification categories often have very specific cybersecurity protection requirements associated with them. Restricted research data can have a wide range of legally or organizationally mandated security controls that aim to protect the data from inadvertent disclosure to, or manipulation by, unauthorized personnel or entities. These security controls can be grouped into three broad categories: administrative, technical, and physical. That is to say, protecting restricted research data necessitates a holistic approach that requires the cooperation of administrators, information technology professionals, security professionals, and researchers alike.
Cybersecurity Maturity Model Certification
CMMC is a new standard for the Defense Industrial Base (DIB) sector to enhance the protection of controlled unclassified information (CUI) within the supply chain. It is being phased in over a five-year period (beginning in November of 2020) and is expected to replace the current approach where contractors attest to a self-assessment against the security requirements defined in NIST SP 800-171.
Reference
Policies
Coming Soon
Resources
- Office of the Under Secretary of Defense for Acquisition & Sustainment
- NIST SP 800-171
- CMMC Accreditation Body
- National Archives CUI program website
- U.S. Department of Defense CUI Program Website
- CUI Marking Handbook