Purpose

To ensure the protection of personally identifiable, sensitive, or confidential information resulting from federally funded grants and contract-supported programs and research or belonging to the federal government.

What does this mean?

Grantees must protect information systems containing identifiable, sensitive, or confidential data, whether electronic or hard copy.

This requirement pertains to data belonging to the federal government or resulting from federally sponsored programs and research. All awardees must protect these data to prevent release or loss.

An increasing number of federal contracts require a certified FISMA-compliant IT environment for data management, and these requirements are now a condition of many grant and contract awards.

How do I comply?

The Department of Medicine has a FISMA Moderate Security (MedSec) system in place. To comply, you will need to enroll in and use the system. 

Features of the system:

  • High-security environment
  • Self-contained to prevent accidental and/or malicious access
  • Dedicated data storage
  • Dedicated workstation

How do I access the system?

  • You need to have a user account with DOM IT services (called an Outpost account)
  • Authentication requires a multifactor USB token
  • Sign in using your username, password, and multifactor token value (via USB port)
  • You must use a Windows workstation that: 1) is solely configured to connect to and be controlled by the FISMA domain policies; 2) is dedicated for use on the FISMA domain; 3) meets encryption requirements

How much does it cost?

Visit the DOM IT website for current rates

How do I pay for this? 

You should be able to include these costs as a direct cost within a sponsored program budget presented to a sponsor, provided the costs are:

  1. Not included in the University’s Facilities & Administrative rate calculation
  2. Specifically allocable to the project proposed
  3. Reasonable costs (market rate) for such services