Skip to main content
Research Data, Technology and Services
Feedback

Cybersecurity

 

Cybersecurity Controls


NSPM-33 requires the creation of a certified Research Security Program within the Research Office and a Research Security Official be named.  

The WVU Research Security Program should include policies related to the cybersecurity controls introduced in this section of NSPM-33.  Policies related to international travel for faculty and staff traveling for organization business, teaching, conference attendance, research purposes, or any offers of sponsored travel that would put a person at risk will be needed or existing policies updated. 

The policies should include an organizational record of covered international travel by faculty and staff and, as appropriate, a disclosure and authorization requirement in advance of international travel, security briefings, assistance with electronic device security (smartphones, laptops, etc.), and preregistration requirements.  

WVU Initiatives for Compliance & Target Timelines

A committee will be formed comprised of ITS, CTSI, the Research Office, the Library and the research community to consider options, develop SOPs and to provide status and communication. 

Policies (In Progress)

New Data Management policies or SOPs will be developed to address data storage during research, general data m anagement during the research life-cycle and ins tit utio nal/PI responsibiliti es. 

Data Inventory (Q2/Q3 2024)
To help us prepare, we will inventory Awards from the past five years and ask PIs questions related to the location of the data, size of data sets and risk ratings.  This will help up project the type of storage that may be needed in the future and if the scope include current projects, the storage needed to accommodate the existing data.

Gap Analysis - Cybersecurity Controls (Q1 2024)
Determine gaps in current available storage options.
Data Storage Plans and Services (Q3 2025)
To comply with the cybersecurity controls, federally funded research data will be required to be stored on institutionally certified storage or have a security plan in the case of instrumentation or when baseline institutionally provided storage does not meet the requirements for the research. Until final guidance for the storage/technology that ITS will be able to support, you should request a consultation if you cannot use the baseline storage plans provided. 

Proposal Assistance (Q2/3 2024)
Provide guidance consultation for PIs to ensure appropriate funding is included as allowable costs.  If WVU existing storage will not work or if the data will be stored in instrumentation, provide guidance on the type of technology and controls that are compliant and supportable for the lifecycle of the Award.
Final NTSC Guidance on NSPM-33 (TBD - Expected in 2024) Effective Date (TBD - Expected at the end of 2025) Full Compliance (TBD 2026)