Secure Compute Research Environment - Security Controls

Printer-friendly version

Secure Compute Research Environment - Security Controls
 

Data Security Plan

SCRE Data Security Plan v1.0 - February 2015

Agency/Data Set Approval Status

ID Agency / Restricted Data Set Agency Requirements  / retrieval date Status Date SCRE Crosswalk
1 National Center for Education Statistics (Institute for Education Statistics)   preliminary DSP rejected, "standalone computer model" only allowed November 2014  
2 UNC Carolina Population Center

National Longitudinal Study of Adolescent to Adult Health (AddHealth)

 

Security Plans for Restricted-Use Data Requirements - Windows Computer and Redirect Temp Files

retrieved March 10, 2015

Submitted SCRE DSP 1.0, approved April 21, 2015 crosswalk May 2015
3

California Health and Human Services Agency, Committee for the Protection of Human Subjects

Personally Identifiable Data (PID) - 18 HIPAA identifiers

CPHS Data Security Requirements (Physical and Electronic Safeguards sections)

retrieved May 11, 2015

Submitted SCRE DSP 1.0, approved June 2015 crosswalk
July 2015
4

University of Michigan - Institute for Social Research
Panel Study of Income Dynamics (PSID)

Data Protection Plan Requirements

retrieved May 11, 2015

Submitted SCRE DSP 1.0, rejected, "only use of MiCDA Virtual Enclave allowed" March 2015  
5 US Bureau of Labor Statistics - National Longitudinal Survey of Youth (NLSY) Geocode Files extracted from US BLS NLSY Geocode Program Information and Application
dated February 2011
Submitted SCRE DSP 1.0, approved  November 2015 crosswalk August 2015
6 California Employment Development Department (EDD) extracted from draft EDD Agreement: Exhibit E "Special Conditions for Security of Confidential Information" submitted SCRE DSP 1.0, approved  May 2016 crosswalk April 2016
7 University of Michigan ICPSR - Chitwan Valley [Nepal] Family Study: Changing Social Contexts and Family Formation (ICPSR 4538)   submitted SCRE DSP 1.0, in progress October 2016  

 

Security Control Crosswalks

ID Agency/Policy SCRE Crosswalk
1 Critical Security Controls for Effective Cyber Defense (CSC Top 20) v5.1 TBA
2 NIST SP 800-53 rev4 - Security and Privacy Controls for Safeguarding Controlled Technical Information (low-impact baseline controls) TBA
3 Department of Defense DFARS clause 252.204-7012 (Table 1 - subset of NIST 800-53) - Safekeeping of Unclassified Controlled Technical Information TBA
4 NIST SP 800-171  - Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations TBA