Federal Regulation Compliance Assessments
We not only have a personal responsibility to keep the University secure; many federal laws also impose requirements, through sponsored research agreements, for protecting data against risks such as:
- Tampering or theft of intellectual property or government-sponsored research
- Unauthorized access, damage, or loss of sensitive research data
- Improper disposal of digital media containing sensitive research
- Sharing passwords and/or system access codes
- Unauthorized release of sensitive research data
Examples of these regulations include:
- DFARS 252.204-7012, “Safeguarding Covered Defense Information and Cyber Incident Reporting”
- FAR 52.204-21, “Basic Safeguarding of Covered Contractor Information Systems”
- NIST Special Publication 800-171, “Requirements for Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations”
McCormick IT is responsible for attesting to compliance with these requirements. The security team partners with the McCormick Research Administrators to identify awards in the proposal and post-award stages and asks Principal Investigators to schedule a security assessment. After a review of current lab practices, the security team provides recommendations for the remediation of potential vulnerabilities and works with the lab to develop an implementation timeline.