Local Virtual or Physical Enclave on an Isolated Network for Restricted-use Data

Select this plan if you intend to store and work with restricted-use data in a secure environment managed by your institution. Security requirements include a secure datacenter, full encryption at rest and in transit, and strong technical controls that prevent restricted-use data from leaving, or being shared outside, the secure environment. A virtual desktop environment with strong security controls, including an outbound firewall that blocks connections from the enclave to other systems, is a common way to provide such an environment. ICPSR does not permit restricted-use data to be stored or used on a shared file server that lacks strong data-flow controls, nor does ICPSR allow restricted-use data to be stored, used, or transferred using third-party cloud-based tools. Further requirements: 

  • Data will be stored locally in a virtual or physical enclave on an isolated network that is maintained by the institution’s IT department. Restricted data files will not be removed from this system for any reason. This system has technical controls in place to prevent and/or log any attempt to move or copy data off the secure directory, and access to the directory containing these data will be restricted to the Research Investigator and the Research Staff listed within this application. 
  • This system’s infrastructure meets or exceeds compliance with FISMA Moderate standards (or equivalent). Appropriate documentation of security controls will be provided to ICPSR upon request (e.g., System Security Plan). 
  • The operating system of the local computer will remain supported by its vendor for the duration of the project. As of September 2022, Windows 7 is no longer supported, nor is macOS 10.14 (Mojave). The system will be kept up to date with all applicable operating system and application security patches.
  • During all backups of the computer(s), the restricted data will either be excluded from the backup or be fully encrypted, with the chain of custody documented and secured. 
  • Any individual(s) not party to the Data Use Agreement who may have the ability to access the restricted data (e.g., IT personnel) will have existing contracts or non-disclosure agreements (to be provided to ICPSR upon request) in place with the Investigator’s institution. 
  • FIPS 140-validated encryption software will be used for full-disk encryption of the local computer used to access the data. The connection between the storage server and the local computer will be fully encrypted. Note: Folder- or file-level encryption is not sufficient; the entire volume must be encrypted. ICPSR recommends the use of Windows BitLocker or macOS FileVault.
  • Data will remain stored in a secure, locked location and will only be accessed by approved researchers from a private room or office. Computer monitor(s) will be oriented so that the screen cannot be viewed by others. The computer screen will be set to auto-lock after 15 minutes (or less) of inactivity, and all users agree to manually lock the screen or log off from the desktop when stepping away. All users will utilize all applicable security features available within their local computer’s operating system to prevent unauthorized data access, including password-protected user accounts and file system permissions (e.g., NTFS permissions on Windows) that limit access to the approved users. Login credentials will not be shared with others. 
  • Should any security incident or breach of this plan occur, the Investigator will notify ICPSR within the time frame specified in the Restricted Data Use Agreement by contacting icpsr-help@umich.edu.
  • The Investigator will either renew their Restricted Data Use Agreement or destroy all data at or prior to the conclusion of the Restricted Data Use Agreement.
  • Restricted data will be completely removed from all storage and backups at or prior to the conclusion of the Restricted Data Use Agreement. Use of secure multi-pass erasure software meeting or exceeding the DoD 5220.22-M standard is recommended for magnetic disks. Note that multi-pass overwriting does not reliably sanitize solid-state drives or virtual disk images; for those media, follow NIST SP 800-88 sanitization guidance (e.g., cryptographic erase by destroying the encryption key of the full-disk-encrypted volume, or physical destruction of the media), and confirm that any snapshots or backup copies have also been purged. 
  • Any printed copies of the data will be destroyed (e.g., shredded rather than recycled or placed intact in a waste receptacle) at or prior to the conclusion of the Restricted Data Use Agreement.
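
The encryption, outbound-firewall, screen-lock, directory-permission, and patching controls listed above can be spot-checked on a Windows enclave workstation with a script such as the following. It is an added example, not ICPSR's or any institution's code; the data directory path, the approved account names, and the 30-day patch window are assumptions, and every check is read-only (it reports findings and changes nothing).

```powershell
# Added example (not part of the ICPSR plan): read-only checks of a Windows enclave
# workstation against several of the technical controls in the plan above.
# Assumptions (hypothetical): the data directory path, the approved account names,
# and the 30-day patch window. Run from an elevated PowerShell session.
#Requires -RunAsAdministrator

function Test-EnclaveCompliance {
    param(
        [string]   $DataDir       = 'D:\RestrictedData',                        # assumed path
        [string[]] $ApprovedUsers = @('ENCLAVE\pi.smith', 'ENCLAVE\ra.jones'),  # assumed accounts
        [int]      $MaxLockSecs   = 900,   # plan: auto-lock after 15 minutes or less
        [int]      $MaxPatchAge   = 30     # assumed acceptable age of the newest update
    )
    $findings = New-Object System.Collections.Generic.List[string]

    # 1. Full-disk encryption: every BitLocker volume must be protected and fully
    #    encrypted; the FIPS policy flag shows whether Windows FIPS mode is enforced.
    foreach ($v in Get-BitLockerVolume) {
        if ($v.ProtectionStatus -ne 'On' -or $v.VolumeStatus -ne 'FullyEncrypted') {
            $findings.Add("FDE: volume $($v.MountPoint) protection=$($v.ProtectionStatus) status=$($v.VolumeStatus)")
        }
    }
    $fips = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy' -ErrorAction SilentlyContinue
    if (-not $fips -or $fips.Enabled -ne 1) {
        $findings.Add('FDE: Windows FIPS algorithm policy is not enabled')
    }

    # 2. Outbound firewall: all profiles enabled with default outbound action Block,
    #    so only explicitly allowed connections can leave the enclave.
    foreach ($p in Get-NetFirewallProfile) {
        if ($p.Enabled -ne 'True' -or $p.DefaultOutboundAction -ne 'Block') {
            $findings.Add("Firewall: profile $($p.Name) enabled=$($p.Enabled) outbound=$($p.DefaultOutboundAction)")
        }
    }

    # 3. Screen lock: the machine-wide inactivity limit (enforced for every user) must
    #    be set and no greater than 15 minutes. Per-user screen-saver settings can be
    #    changed by the user, so they are not sufficient on their own.
    $sys = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' -ErrorAction SilentlyContinue
    $timeout = if ($sys) { $sys.InactivityTimeoutSecs } else { $null }
    if (-not $timeout -or $timeout -gt $MaxLockSecs) {
        $findings.Add("Lock: InactivityTimeoutSecs is '$timeout' (required: 1..$MaxLockSecs)")
    }

    # 4. Directory ACL: inheritance disabled, and every access entry belongs either to an
    #    approved researcher or to a built-in principal needed for administration/backup
    #    (those IT staff are covered by the NDA requirement in the plan).
    $builtin = @('NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators')
    if (Test-Path -LiteralPath $DataDir) {
        $acl = Get-Acl -LiteralPath $DataDir
        if (-not $acl.AreAccessRulesProtected) {
            $findings.Add("ACL: $DataDir still inherits permissions from its parent")
        }
        foreach ($ace in $acl.Access) {
            $id = $ace.IdentityReference.Value
            if ($id -notin $ApprovedUsers -and $id -notin $builtin) {
                $findings.Add("ACL: unexpected entry '$id' ($($ace.FileSystemRights), $($ace.AccessControlType)) on $DataDir")
            }
        }
    } else {
        $findings.Add("ACL: data directory $DataDir not found")
    }

    # 5. Patch currency: the most recently installed update must be within the window.
    $last = Get-HotFix | Where-Object { $_.InstalledOn } |
            Sort-Object InstalledOn -Descending | Select-Object -First 1
    if (-not $last -or $last.InstalledOn -lt (Get-Date).AddDays(-$MaxPatchAge)) {
        $findings.Add("Patching: newest hotfix installed $($last.InstalledOn) (older than $MaxPatchAge days)")
    }

    return $findings
}

$result = Test-EnclaveCompliance
if ($result.Count -eq 0) { 'All checked controls pass' } else { $result }
```

The script covers only controls that are observable from inside the workstation; network-level data-flow controls on the enclave boundary, backup handling, and the physical-security items in the plan still have to be verified separately.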