Enclave: Security

The MedRIC Enclave complies with over 450 Federal Information Security Modernization Act of 2014 (FISMA) safeguards that help secure your sensitive analytic work without requiring you to build FISMA-compliant systems, undergo annual federal security audits, and obtain federal agency certifications on your own.

On this page, we highlight four categories of FISMA safeguards implemented in the MedRIC Enclave–namely, CMS Auditing and Authorization; Physical Security; System Security; and User and Administrator Security.

Security Topics

To access content for each security topic, click the left arrow next to the topic heading.

A disabled version of the left arrow.

CMS Auditing & Authorization

The MedRIC Enclave satisfies FISMA security audit and certification requirements, including but not limited to:

  • Annual FISMA Audits conducted by an independent, CMS-designated security firm to verify the security of your Enclave data and work; and
  • CMS Authority to Operate (ATO) Certification, which authorizes our Enclave to store sensitive CMS data for your research project.
A disabled version of the left arrow.

Physical Security

We physically secure the hardware resources housing your research data and findings in accordance with 21 physical environment mandates set by FISMA. These safeguards include but are not limited to:

  • 24/7 Video Monitoring of MedRIC Enclave Resources to detect unauthorized access to Enclave facilities;
  • Intrusion Detection Alarms that directly alert local police authorities to any tripped alarms, so that those authorities can take immediate action; and
  • an Undisclosed Data Center Location that limits the ability of malicious groups to locate and attack our Enclave facilities.
A disabled version of the left arrow.

System Security

We safeguard your dedicated Enclave workspace in accordance with 198 FISMA system security controls. This safeguarding includes but is not limited to:

  • Multiple Firewalls that control the type of information that flows into and out of the Enclave;
  • Blocked Internet within the Enclave to limit the possibility of an Internet-based hack and data breaches;
  • Data Encryption that protects your data resources both:
  • At Rest so that, in the unlikely event that hackers compromise our physical security and steal Enclave hardware, they cannot access and use your study files easily;
  • In Transit to minimize the possibility that hackers can intercept files that you are approved to transfer into and out of the Enclave; and
  • Logs of Enclave Administrator and User Activity to not only comply with FISMA requirements but also to ensure that our security staff can identify any user, whether internal or external, who attempts to take any unauthorized Enclave actions.
A disabled version of the left arrow.

User and Administrator Security

In addition to physical and system security safeguards, we satisfy 90 FISMA security mandates for identifying, authorizing, and training both MedRIC Enclave users and MedRIC Enclave administrators. These mandates include but are not limited to:

  • A Compliance Officer (CO) for Your Study who authorizes individuals in your organization to access the MedRIC Enclave and renews those authorizations on a regular basis;
  • Remote Identity Proofing (RIDP) that makes it challenging for identity thieves to impersonate you when configuring your Enclave account;
  • Multifactor Authentication (MFA) to limit hackers from easily compromising your Enclave user account; and
  • Online Security and Privacy Training that explains how to use Enclave resources in accordance with FISMA and CMS requirements.

Icons made by Freepik from www.flaticon.com

Website icon with lock symbol