News Archive

SDSC’s Health CI Division Now Meets NIST CUI Compliance Requirements

Published March 1, 2018

The Health Cyberinfrastructure Division of the San Diego Supercomputer Center (SDSC) at the University of California San Diego has expanded its cloud offerings to include a Controlled Unclassified Information (CUI)-compliant environment that is now available to researchers working with government contracts and grants.

The CUI-compliant managed services are available through the SDSC Health CI Sherlock Cloud on premise at SDSC, in Amazon Web Services (AWS), or as a combination of the two locations to meet the needs of those seeking a secure infrastructure to protect CUI.

CUI is non-classified information that is shared by the federal government with a non-federal entity, and requires security protections when processed, stored, transmitted, and used in non-federal information systems. Protection of CUI data, as outlined under the National Institute of Standards and Technology (NIST) Special Publication 800-171, has increasingly become a requirement on many federal grants, such as those funded by the Department of Energy, Department of Defense, and the United States Navy.

SDSC’s Health CI team has been in the compliance arena since 2008, when it initially deployed its FISMA-certified environment followed by its HIPAA-compliant environment, with both environments having grounded security controls under NIST 800-53, on which the CUI requirements also are based. Using its compliance expertise, the Health CI team built its multi-tenant, scalable, managed Cloud service according to those NIST 800-53 requirements.

“For purposes of higher education, this is an extremely relevant and beneficial resource, as the federal government frequently shares data with universities for purposes of research and contracts,” said Sandeep Chandra, executive director of Sherlock Cloud. “Many departments across academia nationwide are being met with, or will be met with, research projects and contracts involving CUI and they lack the resources to adequately protect this data. Sherlock Cloud is well positioned to support these new contract requirements.”

New Campus Partnership

Recently, SDSC’s Health CI Division partnered with researchers at UC San Diego’s Scripps Institution of Oceanography to help meet the CUI requirement on their grants. The institute is the nation’s premier center for ocean, earth, and climate science research, and as a result multiple federal agencies seek its expertise. Most of its funding comes as contracts and grants for basic research from federal agencies (e.g., the National Science Foundation, the Department of the Navy, the National Oceanic and Atmospheric Administration, NASA, and the Department of Energy). With these contracts and grants comes the requirement that CUI must be protected.   

“We are excited about our partnership with the Scripps Institution of Oceanography and the fact that these early project collaborations are providing us excellent use cases on understanding some of the typical architectural, operational, and contractual requirements these projects have,” said Chandra.

About SDSC’s Health Cyberinfrastructure Division

SDSC’s Health Cyberinfrastructure Division focuses on providing innovative, secure information technology and data services for a wide range of initiatives for the UC system, academia, and state and federal government agencies. It is an SDSC Center of Excellence for secure HIPAA- and FISMA-compliant managed cloud hosting. Launched under the brand Sherlock, its major services – Cloud, Compliance, Cybersecurity, and Data Lab – provide a secure foundation for a wide range of research and data collection initiatives. The Health CI Division supports a variety of entities including the Centers for Medicare and Medicaid Services (CMS), National Institutes of Health (NIH), and University of California Systems. For more information, please visit the Sherlock website.

About SDSC

As an Organized Research Unit of UC San Diego, SDSC is considered a leader in data-intensive computing and cyberinfrastructure, providing resources, services, and expertise to the national research community, including industry and academia. Cyberinfrastructure refers to an accessible, integrated network of computer-based resources and expertise, focused on accelerating scientific inquiry and discovery. SDSC supports hundreds of multidisciplinary programs spanning a wide variety of domains, from earth sciences and biology to astrophysics, bioinformatics, and health IT. SDSC’s petascale Comet supercomputer continues to be a key resource within the National Science Foundation’s XSEDE (Extreme Science and Engineering Discovery Environment) program.