The United States Department of Defense (DoD) is implementing new information security standards for research contracted to third parties, such as The Texas A&M University System (A&M System). As described in the Defense Federal Acquisition Regulation Supplement (DFARS) 252.204-7012, research utilizing or developing Controlled Defense Information (CDI) is subject to the standards outlined by the National Institute of Standards and Technology Special Publication 800-171 (NIST SP 800-171). A&M System researchers with contracts carrying this DFARS clause are subject to these standards.
To assist these researchers in compliance and prepare for broader regulations regarding the safeguarding of Controlled Unclassified Information (CUI), the A&M System has established a Research Security Office (RSO).
The RSO has determined that meeting most of the technology requirements of NIST SP 800-171 can be accomplished by deploying a Secure Computing Enclave (SCE) for the A&M System.
This page gives a general overview of the A&M System SCE, followed by its specifications. It includes the description, configuration and justification for technologies that will meet compliance standards for the technology-dependent requirements of NIST SP 800-171, while taking into account the circumstances of Principal Investigators (PIs) and researchers in these areas:
CORE NETWORK AND DMZ
Guidance for implementing the SCE network using Cisco, Palo Alto Networks and VMware NSX hardware and software.
INFRASTRUCTURE
Direction for implementing Hyper-Converged Infrastructure from DELL EMC Vscale Architecture with compute and storage.
VIRTUALIZATION
Guidance for implementing VMware’s Virtualization Infrastructure based on VMware’s Software Defined Data Center (SDDC) design.
CORE SERVICES
Details about SCE services that make possible the RSO mission of enabling A&M System Members to comply with Federal guidelines for handling CUI. These form the basis of the user experience and help provide a safe and secure platform to conduct research.
To better meet the requirements of A&M System researchers, the designs contained herein are structured around the circumstances and capabilities of A&M System stakeholders, including PIs, Administrators and Information Technology (IT) groups, as gathered by the RSO and Deloitte during the design of the SCE. These circumstances and capabilities informed decision making for the technologies described in this blueprint, as did four core Design Principles: Security, Agility, Performance and Availability, which are explained in the Design Principles section.
While the initial purpose of this blueprint is to meet DFARS compliance standards, it is built on next-generation technologies that should enable scalability and modifications for future Federal Government information safeguarding requirements. In utilizing such technologies, the RSO hopes not only to meet current regulatory circumstances (allowing A&M System researchers to continue their work), but also to provide a competitive advantage for The A&M System in the future. A user-centric solution incorporating leading-edge technologies should be attractive to researchers interested in conducting research contracted by the Federal Government, as well as to Government Sponsors seeking to secure research services.