SDSC’s Health CI Division Now Meets NIST CUI Compliance Requirements

Article Content

The Health Cyberinfrastructure Division of the San Diego Supercomputer Center (SDSC) at the University of California San Diego has expanded its cloud offerings to include a Controlled Unclassified Information (CUI)-compliant environment that is now available to researchers working with government contracts and grants.

The CUI-compliant managed services are available through the SDSC Health CI Sherlock Cloud on premise at SDSC, in Amazon Web Services (AWS), or as a combination of the two locations to meet the needs of those seeking a secure infrastructure to protect CUI.

CUI is non-classified information that is shared by the federal government with a non-federal entity, and requires security protections when processed, stored, transmitted, and used in non-federal information systems. Protection of CUI data, as outlined under the National Institute of Standards and Technology (NIST) Special Publication 800-171, has increasingly become a requirement on many federal grants, such as those funded by the Department of Energy, Department of Defense, and the United States Navy.

SDSC’s Health CI team has been in the compliance arena since 2008, when it initially deployed its FISMA-certified environment followed by its HIPAA-compliant environment, with both environments having grounded security controls under NIST 800-53, on which the CUI requirements also are based. Using its compliance expertise, the Health CI team built its multi-tenant, scalable, managed Cloud service according to those NIST 800-53 requirements.

“For purposes of higher education, this is an extremely relevant and beneficial resource, as the federal government frequently shares data with universities for purposes of research and contracts,” said Sandeep Chandra, executive director of Sherlock Cloud. “Many departments across academia nationwide are being met with, or will be met with, research projects and contracts involving CUI and they lack the resources to adequately protect this data. Sherlock Cloud is well positioned to support these new contract requirements.”

New Campus Partnership

Recently, SDSC’s Health CI Division partnered with researchers at UC San Diego’s Scripps Institution of Oceanography to help meet the CUI requirement on their grants. The institute is the nation’s premier center for ocean, earth, and climate science research, and as a result multiple federal agencies seek its expertise. Most of its funding comes as contracts and grants for basic research from federal agencies (e.g., the National Science Foundation, the Department of the Navy, the National Oceanic and Atmospheric Administration, NASA, and the Department of Energy). With these contracts and grants comes the requirement that CUI must be protected.   

“We are excited about our partnership with the Scripps Institution of Oceanography and the fact that these early project collaborations are providing us excellent use cases on understanding some of the typical architectural, operational, and contractual requirements these projects have,” said Chandra.