Data security and confidentiality are foundational to CJARS. Agency partners can only trust us with their data if we treat it at least as carefully as they do. Although many records in CJARS are legally public, all are handled with the same sensitivity as Personally Identifiable Information (PII). This page outlines the technical specifications in place to ensure a secure computing environment.
Need-to-know access by CJARS staff
To protect sensitive PII, the CJARS research group performs its work on a Secure Data Enclave (SDE), reached over an encrypted Remote Desktop Protocol (RDP) connection that requires two-factor authentication. The SDE is a fully encrypted, dedicated physical server hosted on a private network by the University of Michigan (U-M) Institute for Social Research (ISR) and managed by the Survey Research Center's (SRC) Computing and Multimedia Technologies (CMT) department within the ISR. The SDE is isolated from the wider ISR networks by a dedicated hardware firewall; this highly segmented network adds further layers of protection for ISR systems. The table below details the security and hardware specifications of the CJARS SDE server.
Secure Data Enclave specifications
| Area | Specification |
| --- | --- |
| Data Center | Housed within a 24x7x365 climate-controlled data center |
| | Data center access protected by two-factor locked doors |
| | Limited access to IT system administrators and authorized personnel with security badge |
| Surveillance | 24x7x365 environmental condition monitoring |
| | 24x7x365 motion-sensitive cameras that send pictures to designated personnel when triggered |
| Visitation | Escorted at all times by an ISR employee |
| Power | 2x APC Smart-UPS 3000 to withstand brief outages |
| Identity and Access | System authentication and authorization managed by Microsoft Active Directory (AD) |
| | Users sign the Acceptable Use Policy and complete annual security awareness training to gain authorization for RDP connection |
| | Multifactor authentication via Duo Security for RDP connection |
| Auditing and Accountability | Network access monitored by an automated intrusion detection system (IDS) |
| | Data transfers into or out of the SDE reviewed by the project PI or their direct delegate and logged using a log correlation system |
| | Audited system logins |
| Firewall | Externally facing services located behind a border firewall that allows access only to specific hosts and services |
| | Internally facing services separated by another firewall with a limited set of exception rules |
| | Administrative access to network devices limited to encrypted protocols |
| | Ingress and egress filtering to prevent unauthorized data exfiltration |
| Encryption | Windows BitLocker full-disk encryption using a 256-bit AES key |
| Backup Procedure | Daily backups via an enterprise-level disk-to-disk backup system |
| | Full monthly backups written to encrypted tapes and stored in a locked, fire-resistant safe at a remote storage facility |
| Data Redundancy | Daily hard copy backups encrypted and replicated between two physical buildings separated by two city blocks |
| Media Protection | Transported in locked containers and attended by trained staff |
| | Physically destroyed under staff supervision when no longer required |
| Processor | 3x Intel Xeon E5-2643 v3 Quad-Core CPU, 3.40 GHz |
| Number of Processors | |
| Operating System | Microsoft Windows NT 6.2 Server |
| System Type | 64-bit Operating System, x64-based processor |
| System Memory (RAM) | |
| Hard Drive Capacity | |
| Hypervisor | Windows Hyper-V Host Server (4 virtual servers for data management and analysis) |
| Project Management | Trac Wiki System |
| | Git Version Control |
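The following is an added, read-only PowerShell audit (not CJARS's or ISR's own tooling) that checks a Windows Server host against the host-level controls the table states: BitLocker with a 256-bit AES method, an RDP listener that requires Network Level Authentication over TLS with high encryption (the Windows logon layer that Duo's RDP integration sits on top of), logon auditing, AD domain membership and the Hyper-V role. It assumes it is run as an administrator on the enclave host and that the RDP listener is the default RDP-Tcp.

```powershell
# Constructed example: read-only host audit for a Windows Server enclave host.
# Each check maps to a row of the specification table above; nothing is changed.

$results = [System.Collections.Generic.List[object]]::new()
function Add-Check {
    param([string]$Control, [bool]$Pass, [string]$Detail)
    $results.Add([pscustomobject]@{ Control = $Control; Pass = $Pass; Detail = $Detail })
}

# Encryption row: the OS volume must be protected with a 256-bit AES method.
$os = Get-BitLockerVolume -MountPoint $env:SystemDrive
$aes256 = $os.EncryptionMethod -in @('Aes256', 'XtsAes256')
Add-Check 'BitLocker AES-256 on system drive' `
    ($os.ProtectionStatus -eq 'On' -and $aes256) `
    "Status=$($os.ProtectionStatus) Method=$($os.EncryptionMethod)"

# Identity and Access row: RDP must require NLA and use TLS with High (3) or FIPS (4) encryption.
$rdp = Get-CimInstance -Namespace 'root/cimv2/TerminalServices' `
    -ClassName Win32_TSGeneralSetting -Filter "TerminalName='RDP-Tcp'"
Add-Check 'RDP requires NLA' ($rdp.UserAuthenticationRequired -eq 1) "NLA=$($rdp.UserAuthenticationRequired)"
Add-Check 'RDP security layer is TLS' ($rdp.SecurityLayer -eq 2) "SecurityLayer=$($rdp.SecurityLayer)"
Add-Check 'RDP encryption High or FIPS' ($rdp.MinEncryptionLevel -ge 3) "MinEncryptionLevel=$($rdp.MinEncryptionLevel)"

# Auditing row: logon auditing must be on so sign-ins actually reach the event log.
$audit = auditpol /get /subcategory:"Logon" /r | ConvertFrom-Csv
$logon = $audit | Where-Object { $_.Subcategory -eq 'Logon' }
Add-Check 'Logon events audited' ($logon.'Inclusion Setting' -ne 'No Auditing') "Setting=$($logon.'Inclusion Setting')"

# Identity row: the host must be joined to the AD domain, not a workgroup.
$cs = Get-CimInstance Win32_ComputerSystem
Add-Check 'Domain-joined (AD)' $cs.PartOfDomain "Domain=$($cs.Domain)"

# Hypervisor row: the Hyper-V role must be present on the host.
$hv = Get-WindowsFeature -Name Hyper-V
Add-Check 'Hyper-V role installed' $hv.Installed "State=$($hv.InstallState)"

$results | Format-Table -AutoSize
# Non-zero exit lets a scheduled task or CI job flag drift from the stated baseline.
if ($results.Pass -contains $false) { exit 1 }
```

Run it from an elevated PowerShell session; a failing row identifies which table control the host no longer meets.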