Regulated data, specifically Federal Contract Information (FCI), Controlled Unclassified Information (CUI), and Human Genomic data from a Controlled Access Data Repository (CADR) require specific controls for the physical space where the data is stored, processed, and trasmitted.
More information on FCI: 48 CFR § 52.204-21
More information on CUI: 32 CFR § 2002.4
More information on CADR requirements: NOT-OD-24-157
Spaces that are currently approved for in-scope data:
- Admin data center
- Library data center
Other on-campus spaces may use in-scope data when:
- The door is kept locked unless authorized employees are present
- External visibility into the space is limited so that only low risk information is visible
- Example: the screen where in-scope data is viewed on is kept facing away from windows, except when the windows are covered by blinds.
- Visitor sign-in sheet is kept for 3 years
- A template visitor sign-in sheet from OIT is attached to this article, if desired.
Off-campus spaces may be used when the space is a private location that meets the requirements defined in The University's Physical Protection standards section 4.
If you have questions about storage options, data classifications or safety of your data, please submit a request to the OIT Security Office.