Federal Information Security Management Act (FISMA) Data

The Federal Information Security Management Act (FISMA) requires federal agencies and those providing services on their behalf to develop, document, and implement security programs for information technology systems and store the data on U.S. soil. This means that, under some federal contracts or grants, information the university collects or information systems that he university uses to process or store research data need to comply with FISMA.

Whether data is regulated by FISMA is typically called out in a Request for Proposal (RFP) or in contract or grant language. It is important that researchers review grant and contract language closely to identify FISMA or other information security requirements.

Frequently Used by: 

Faculty
Staff
Researchers

Category: 

Sensitive

Examples: 

Examples of research work that might be regulated by FISMA include research in whiche data is provided by federal organizations such as:

  • National Institutes of Health
  • NASA
  • Department of Veterans Affairs

M+Box Core Apps: 

Not Permitted

M+Google Mail and Calendar: 

Not Permitted

M+Google Drive: 

Not Permitted

M+Google Sites, Talk, Groups, Tasks, Classroom: 

Not Permitted

M+Google Additional Services (Non-Core): 

Not Permitted

UMHS Exchange Email and Calendar: 

Not Permitted

CTools: 

Not Permitted

Wolverine Access: 

Not Permitted

MiDatabase: 

Not Permitted

MiServer: 

Not Permitted

Desktop Virtualization (VDI): 

Not Permitted

TSM Backup: 

Not Permitted

MiWorkspace: 

Not Permitted

Sitemaker: 

Not Permitted

Virtualization as a Service (VaaS): 

Not Permitted

Value Storage: 

Not Permitted

Mainstream Storage: 

Not Permitted

Data Warehouse: 

Not Permitted

ITS Exchange Email and Calendar: 

Not Permitted

Desktop Backup (Powered by CrashPlan): 

Permitted

Personally Owned Devices (phone, tablet, laptop, etc.): 

Not Permitted

Flux: 

Not Permitted

MiShare: 

Not Permitted

M Cloud Amazon Web Services (AWS): 

Permitted

Globus: 

Not Permitted

MiVideo: 

Not Permitted

M+Box Additional Apps (Non-Core): 

Not Permitted

M Cloud - Amazon Web Services GovCloud: 

Permitted

Qualtrics: 

Not Permitted

Digital Signage: 

Not Permitted

eResearch: 

Not Permitted

Blue Jeans Video Conferencing: 

Not Permitted