The Data Enclave is fully compliant with DOC IT Security Program Policy, Section 6.5.2, the Federal Information Security Management Act, provisions of mandatory Federal Information Processing Standards (FIPS) and all other applicable NIST Data IT system and physical security requirements. This includes:
- Employee Security
- Rules of Behavior
- Nondisclosure Agreements
- IT System Security
- Applicable Laws and Regulations
- Network Connectivity
- Remote Access
- Physical Access
For the remote access, the NORC data enclave uses an encrypted connection with the data enclave using virtual private network (VPN) technology. VPN technology prevents outsiders from reading data transmitted between the researcher’s computer and NORC’s network. Other key elements of the enclave’s security include the following:
- Users access the data enclave from a pre-defined range of IP addresses.
- All applications and data run on the server at the data enclave.
- The data enclave can prevent the user from transferring any data from data enclave to a local computer.
- Data files cannot be downloaded from the remote server to the user’s local PC.
- The user cannot use the "cut and paste" feature in Windows to move data from the Citrix session.
- The user is prevented from printing the data on a local computer.
- The NORC data enclave tracks usage by means of audit logs and audit trails
*Additional protections may be instituted at the request of the data custodian