Regulatory Compliance

The University policy for regulatory compliance relating to data security and privacy can be found at under Policies & Procedures in the Privacy Policy Manual. The most important laws are:

  • Health Information Portability and Accountability Act (HIPAA): deals with Protected Health Information (PHI)
  • International Trade in Arms Regulation (ITAR): deals with Controlled Unclassified Information (CUI)
  • Federal Information Systems Management Act (FISMA): describes how systems that hold information must be managed

FISMA requires that data be classified by three aspects:

  • Confidentiality
  • Integrity
  • Availability

By stating whether these aspects are:

  • Low
  • Moderate
  • High

Special Publication 800-53, Revision 4, developed by the National Institute of Science and Technology (NIST) describes what properties systems must have to have appropriate levels of trust for data in each of these aspects.

Special services are available from Research Computing to meet these requirements. The general description of the computing environment for restricted data is described in the UF CERD Handbook.