Research Security: Data Security and Management
NC State University's Research Security Program is dedicated to protecting research while ensuring compliance with state and federal regulations. The program applies necessary controls while upholding the principles of academic freedom and the open exchange of scientific ideas.
Quick links
Relevant Policies, Regulations and Rules
All personnel, including faculty, staff, and students, should be aware that research conducted at NC State is subject to the university’s policies. NC State owns the resulting research data, which must be handled and retained in accordance with university and UNC System standards.
- POL 10.00.01 – Patent and Tangible Research Policy
- REG 01.25.12 – University Record Retention and Disposition Regulation
Grant Records, including research data, fall under Series 6.4 of the UNC System Retention and Disposition Schedule
| Standard/Reference | Applicability | NC State Compliance status | Compliance Office |
|---|---|---|---|
| NIST SP 800-171 | Applicable to research involving Controlled Unclassified Information. See Controlled Unclassified Information (CUI) for more information. | The Secure University Research Environment (SURE) is configured to meet this standard. See Secure University Research Environment (SURE) for more Information | Export Control Office |
| DFARS 252.204-7012 | DOD projects funded by contract | The Secure University Research Environment (SURE) is configured to meet this clause requirements. See Secure University Research Environment (SURE) for more Information | Export Control Office |
| DFARS 252.204-7021 Cybersecurity Maturity Model Certification Requirements (CMMC) | DOD projects funded by contract with a CMMC certification requirement. | SURE has been certified to CMMC Level 2 | Export Control Office |
| NIST SP 800-53 | Cybersecurity standard applicable to US Government systems and those systems operated on behalf of the U.S. Government. This standard is not typically applicable to NC State research. | NC State IT Systems are NOT able to meet this requirement and when included in the contract terms, Sponsored Programs will ask for it to be removed or a lesser standard to be applied (such as NIST SP 800-171.) | Export Control Office |
| NIH Controlled Access Genomic Data | Data received from NIH repository under Data Use Agreements that require compliance with NIST SP 800-171 | The Secure University Research Environment (SURE) is configured to meet this clause requirements. NOTE: SURE’s capabilities may not be well suited for genomic data research. Please review Current Capabilities | IRB Office |