Cybersecurity

Cybersecurity is a shared responsibility of all members of the UMD community.  The Division of Research RSO works closely with the Division of Information Technology (DivIT), and particularly with the Research Computing Cybersecurity Program, to monitor and address current and emerging federal cybersecurity requirements which could impact research security and federal awards.

One of the newest sets of requirements are found in NSPM-33 which requires a certification from research organizations awarded in excess of $50 million per year in total Federal research funding that they have implemented a research security program that includes four elements highlighted in NSPM-33.  One of those elements focuses on cybersecurity.  In order to satisfy the required cybersecurity element, research institutions must apply specified basic safeguarding protocols and procedures.  The requirements generally align with CMMC Level 1 and can generally be met with systems configured to UMD Information Security Standards. When the requirements are implemented, we will be required to certify that we are meeting these requirements on new grants and contracts.

Additional cybersecurity requirements will apply in some cases, such as for research involving classified information or Controlled Unclassified Information (CUI).  The National Institute of Standards and Technology (NIST) SP 800-171 Revision 2 is the authoritative source of CUI security requirements.  Additional information regarding CUI at UMD, including the CUI Environment (CUIE), can be found by clicking on the below CUI button.

[Please note, if you experience or become aware of an IT security incident, it is important to follow the guidance provided by the Division of IT on handling and reporting an IT security incident.  If you are unsure where to report an incident, report it to soc@umd.edu and the Division of IT's Security Operations Center will sort out reporting and tracking.]