MenuSearchA-ZSeven Schools One University

Menu

Close Menu
Info For
Resources
Seven Schools One University

A–Z

Close Menu

Cyber Security

Ensuring the Protection of Research Data and Systems

NSPM directive: Agencies should require that research organizations satisfy the cybersecurity element of the research security program by applying basic safeguarding protocols and procedures as described in NSPM-33.  

Under NSPM-33, federal agencies require research organizations to implement the cybersecurity element of their research security programs. This involves applying basic safeguarding protocols and procedures as outlined in the directive.

Institutions of higher education must certify that they will implement a cybersecurity program consistent with the cybersecurity resource for research institutions described in the CHIPS and Science Act within one year after its publication by the National Institute of Standards and Technology (NIST), Department of Commerce.

UMB Cybersecurity Policies and Partnerships

The Center for Information Technology Services (CITS) is UMB’s central IT organization. CITS establishes policies for the use and security of University information technology resources, which all staff, faculty, students, and guests are expected to follow. These policies are designed to protect the confidentiality, integrity, and availability of University data.

The Office of Research & Development (ORD) partners with CITS to:

  • Implement and maintain baseline safeguarding protocols for information systems used in federally funded research and development (R&D).
  • Protect scientific data from ransomware and other integrity threats.

Handling Sensitive and Controlled Research Data

UMB researchers who receive or generate Controlled Unclassified Information (CUI) or export-controlled information and technology must comply with federal safeguarding requirements to prevent unauthorized disclosure.

To support this, CITS has launched the Secure Research Environment (SRE), a centralized virtual environment designed to:

  • Protect sensitive and restricted research data
  • Provide secure virtual desktop environments and custom compute configurations
  • Allow researchers to access sensitive data with enhanced controls and protections
  • Minimize institutional and investigator risk of unlawful exposure of data

Additionally, NIST 800-171 compliance policies are applied by default to research subscriptions.

For more information and access to the SRE, visit CITS Research Computing and see the SRE Guidebook.

Contact

Office of Research and Development

620 W. Lexington St.
Fourth Floor
Baltimore, MD 21201

410-706-6723

Related

Sponsored Programs Administration Center for Clinical Trials and Corporate Contracts UM Ventures UM BioPark

The University of Maryland, Baltimore is the founding campus of the University System of Maryland.

620 W. Lexington St., Baltimore, MD
21201 | 410-706-3100

The University of Maryland, Baltimore prohibits sex discrimination in any education program or activity that it operates. Individuals may report concerns or questions to the Title IX Coordinator. Read the UMB Notice of Non-Discrimination.
© 2025-2026 University of Maryland, Baltimore. All rights reserved.