TACC's Protected Data Service

TACC's Protected Data Service (PDS) is designed to address the most common security control requirements encountered by researchers while also reducing the workload on individual PIs and research teams to satisfy these requirements. TACC has developed an extensive compliance regime that enables some of the largest open science systems in the world to be used by PIs and research groups faced with the prospect of conducting research using protected data.

Protected Data at TACC

The TACC cybersecurity program is based upon the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53, Revision 4 requirements for security, and reflects the additional requirements of UT Austin and established Information Technology (IT) security practices.

TACC also supports data that require NIST SP 800-171 or Controlled Unclassified Data (CUI) protection including DFARS 252.204-7000 and DFARS 252.204-7012.

TACC is audited by a third-party independent auditor on a fixed schedule to ensure compliance with NIST 800-53 rev4 and NIST 800-171 rev1.

TACC currently supports the following protected data types. If you need one not listed, please fill out the form below.

  • Health Insurance Portability and Accountability Act (HIPAA)
  • International Traffic in Arms Regulations (ITAR) and Export Administration Regulations (EAR)
  • Family Educational Rights and Privacy Act (FERPA)
  • Personally Identifiable Information (PII)
  • Proprietary Data
  • Institutional Review Board (IRB)

If you need support for a data type that is not listed, please fill out the form below.

Note that TACC only provides support for unclassified data processing, regardless of the specific category of that information. No support for data classified at secret or above is provided, and researchers should not, under any circumstance, transfer such data to TACC systems.

Conducting Your Protected Data Research at TACC

TACC's PDS was developed with the intent of meeting the security control requirements of your research agreements and to eliminate the burden placed on PIs who would otherwise be required to their own compliance infrastructure with certification and reporting requirements.

These are the steps needed in order to begin a project at TACC with data protection requirements:

  1. Open a ticket for an initial consultation using the TACC User Portal (portal.tacc.utexas.edu). You may use either your TACC account or, for UT System employees, your EID credentials.
  2. A member of our security team will follow up with you to discuss requirements.
  3. Based on the information you provide, we will document the controls needed to meet your sponsor's expectations.

Please note it will take on average between 4-12 weeks to ensure all relevant documents have been signed by both parties.

The following list will give you some idea of the information we will need from you during our step 2 discussion. If one or more items stump you, don't worry: we'll work with you to figure it out.

Project Essentials

  • Project Lead or PI
  • List of users on the project
  • Data Classification (HIPAA, FISMA, FERPA, ITAR, EAR, Other)
  • Project Name/Description
  • Data Description
  • How long is the project running/termination date
  • Agreements required (MOU, BAA, RSICC license, Institutional agreement, etc.)

Technology Requirements

  • Will users need a hosted VM or will they be submitting jobs?
  • How many cores, memory will you need for VM's?
  • Amount of protected data (in Gigabytes)
  • What software will you run?
  • How did/will you obtain data?
  • What are you going to do with the data?
  • What applications need to be installed?

 

Project Details
Technology Requirements
HPC Requirements