Restricted Research Data
Restricted Research Data can be any research data—or specifically designated administrative support data—that has restrictions, specific protection requirements, or distribution limitations as prescribed by law, regulation, government-wide policy, or contractual obligation. Some examples of restricted research data includes, but is not limited to: Covered Defense Information (CDI), Federal Contract Information (FCI), Controlled Unclassified Information (CUI), Sensitive Personally Identifiable Information (PII), Proprietary Information, and Personal Health Information (PHI). These different information classification categories often have very specific cybersecurity protection requirements associated with them. Restricted research data can have a wide range of legally or organizationally mandated security controls that aim to protect the data from inadvertent disclosure to or manipulation by unauthorized personnel or entities. These security control types can be grouped into three broad categories: administrative, technical, and physical security controls. That is to say, protecting restricted research data necessitates a holistic approach that requires the cooperation of administrators, information technology professionals, security professionals, and researchers alike.
Cybersecurity Maturity Model Certification (CMMC)
CMMC is a new standard for the Defense Industrial Base (DIB) sector to enhance the protection of controlled unclassified information (CUI) within the supply chain. It is being phased in over a five-year period (beginning in November of 2020) and is expected to replace the current approach where contractors attest to a self-assessment against the security requirements defined in NIST SP 800-171.
/data-security - Cybersecurity Maturity Model Certification Image