Ohio University

Federal Information Security Management Act Data

Definition: Under some federal contracts or grants, information the university collects, or information systems that the university uses to process or store research data, are required to comply with FISMA.

Governing Authority: Federal Information Security Management Act (FISMA)

Responsible Operating Unit: Office of Research

Examples: Research in which data is provided by federal organizations such as the National Institutes of Health, NASA, or the Department of Veterans Affairs.

Special Considerations: FISMA requires that federal agencies and those providing services on their behalf develop, document, and implement security programs for information technology systems and store the data on U.S. soil. The data that is regulated by FISMA is often noted in a Request for Proposal (RFP) or in contract or grant language. It is critical that researchers and principal investigators review contract and grant language closely to identify information security requirements as well as the need for FISMA compliance.

Acceptable IT Services & Tools:

  • None.

Consultation Required:

  • None.

Not Permitted IT Services & Tools:

  • Blackboard
  • OnBase
  • OneDrive/O365 Group or individual accounts
  • PeopleSoft
  • Personal cloud accounts
  • Personal/Non-University owned devices
  • Qualtrics
  • NAS departmental shared storage (shared.ohio.edu)
  • NAS individual home storage (home.ohio.edu)

If you don't see the IT service or tool listed that you wish to use to store data classified as medium or high sensitivity, contact Information Security to determine if it's appropriate for your data type.