Resources

Resources linked on this page are related to research data security but may also be part of broader initiatives to prevent undue foreign influence on research. Additional information about foreign influence initiatives, sponsor and institutional disclosure requirements, enforcement actions, and other topics is available on the Foreign Influence pages of the Research website.

UVA Information Security Resources

Health Information and Technology (HIT) - supports the Health System, including users in the School of Medicine and School of Nursing

Information Security (InfoSec) part of Information Technology Services - supports the Academic Division

Data Protection
Security Guidance
Role-Based Guidance (Dept. Heads, Users, Researchers, and System Administrators & Local Support Providers)

UVA Wise Information Technology - supports users at the College at Wise

Policies and Security

US Government Publications & Guidance

Subcommittee on Open Science of the National Science and Technology Council

Desirable Characteristics of Data Repositories for Federally Funded Research

Cybersecurity & Infrastructure Security Agency (CISA)

National Security Presidential Memorandum (NSPM) - 33 on United States Government-Supported Research and Development National Security Policy (1/14/2021)

The Subcommittee on Research Security, Joint Committee on the Research Environment (JCORE) of the National Science & Technology Council "Recommended Practices for Strengthening the Security and Integrity of America's Science and Technology Research Enterprise" report was released by the Office of Science and Technology Policy (OSTP) (1/19/2021). Note: Corresponding guidance to federal agencies is expected to be released soon.

The JASON group report "Fundamental Research Security" (12/11/2019) is the result of a study commissioned by the National Science Foundation (NSF) in early 2019; see also NSF's Fundamental Research Security Fact Sheet summarizing the JASON group's findings and recommendations. NSF's Response to the report's findings have also been released (3/2/2020).

Training Resources

New Training Course Available!

CITI's new Undue Foreign Influence: Risks and Mitigations course is now available to all UVA faculty, staff, trainees and students as part of our institutional subscription. One of the course modules is on Cybersecurity and Compliance Considerations for Safeguarding Research and provides an overview of risks and basic safeguarding.

The full course consists of four modules (25-35 min. each) currently all must be completed to receive credit for the course but they do not have to be completed in order or in a single session:

Introduction to Undue Foreign Influence Impacts and Concerns in Academia;
Reporting, Research Integrity, and Effective Practices to Manage Undue Foreign Influence Risk;
Cybersecurity and Compliance Considerations for Safeguarding Research; and
Nondiscrimination Considerations When Managing Undue Foreign Influence.

The CITI VPR Training Instructions document provides information on accessing CITI training content.

Information Technology Services (ITS) Offerings

UVA's Information Security group provides a variety of cybersecurity training, information, and resources to everyone using IT resources at UVA to help them protected both their, and UVA's, digital resources. Visit their Education & Training to see available courses and guidance.

UVA IT Academy is made available by ITS to promote IT service excellence by focusing on training across three primary Learning Paths (with learning tracks in each): IT at UVA, People Skills & Management, Technical. A variety of security related courses, technical and nontechnical, are available. Note: NetBadge is required to access course lists and training content.

Controlled Unclassified Information (CUI) Training

UVA's Safeguarding CUI course is required for all individuals with access to CUI at UVA but is available to all interested individuals. The course covers provides a general introduction to CUI; discusses how CUI controls may impact the conduct of research; and provides insider threat awareness training. The course is only delivered through the Workday Learning application.

Voluntary Enrollment: Anyone with access to Workday Learning can self-enroll in the Safeguarding Controlled Unclassified Information course.

Login to Workday.
Select the Learning application.
Under the "Learn" menu select either "Search Digital Courses" or "Search All Learning" for all or part of the the course name.
Click on the "Safeguarding Controlled Unclassified Information" course entry
Click the "Enroll" button at the bottom of the screen.

If you do not have access to Workday Learning, please email Andrew Bedotto for assistance.

U.S. Government CUI Training Materials

DoD Mandatory Controlled Unclassified Information (CUI) Training. Note: At this time, completion of this course by University researchers is not required by DoD. Other DoD-specific CUI training materials may be accessed HERE.

NARA CUI Training Modules. Developed by the CUI Executive Agent these training modules for the CUI Program are designed for a widespread audience at multiple levels within the government and beyond. They are intended to supplement any training or awareness efforts by Executive branch entities or other stakeholders (i.e., Nonfederal organizations).

Federal Sponsor Guidance

While sponsor guidance and requirements for safeguarding fundamental research data are typically not prescriptive, there is a clear expectation that safeguarding be adequate to enable appropriate accessibility and maintain the integrity of the research data. Many sponsors expect these issues to be addressed in the Data Sharing and Management Plan.

National Institutes of Health

NIH Policy on Data Management and Sharing (effective January 25, 2023) makes the data management and sharing plan part of the award terms and conditions subject to standard compliance and enforcement mechanisms.
- During the funding period, compliance with the Plan will be determined by the NIH ICO and compliance with the Plan, including any Plan updates, may be reviewed during regular reporting intervals (e.g., at the time of annual Research Performance Progress Reports (RPPRs)).
- After the end of the funding period, non-compliance with the NIH ICO-approved Plan may be taken into account by NIH for future funding decisions for the recipient institution (e.g., as authorized in the NIH Grants Policy Statement, Section 8.5, Special Award Conditions, and Remedies for Noncompliance (Special Award Conditions and Enforcement Actions)).
NIH Grants Policy Statement (GPS) 2.3.13 Protecting Sensitive Data and Information Used in Research. Applies to all NIH grants and cooperative agreements. Reminds recipients of their responsibility to protect sensitive and confidential data as part of proper stewardship of federally funded research, and take all reasonable and appropriate actions to prevent the inadvertent disclosure, release or loss of sensitive personal information.
NIAID Data Security SOP identifies expectations and responsibilities to ensure the protection of personally identifiable, sensitive, or confidential information resulting from NIH-supported research or belonging to the federal government.

Department of Energy

DOE Policy for Digital Research Data Management.
- Suggested Elements for a Data Management Plan
Office of Science Statement on Digital Data Management

National Science Foundation

Protecting Research and Facilitating Collaboration