CCSS-RS

The Researcher is authorized to access only the restricted data residing within the folders (and subfolders) on the CRADC computing system and Secure Standalone Desktop in accordance with their DUA to maintain the security and confidentiality of the encompassed data.

Providing anyone else with given credentials to access the restricted data or CRADC computing systems or the Secure Standalone Desktop is strictly forbidden.

The Researcher is not to attempt to circumvent, or disable any of the security controls in place on the CRADC computing systems or the Secure Standalone Desktop. If at any time the Researcher is aware of a potential security incident that may place the restricted data at risk of unauthorized access, it is the responsibility of the Researcher to contact CRADC’s Security Liaison and abide by Cornell University Policy 5.4.2, Reporting Electronic Security Incidents.

Restricted data on the CRADC system or the Secure Standalone Desktop may only be used for non‐proprietary scientific research.

When required by the DUA, the CCSS Secure Data Services staff will disclosure proof any files uploaded to, or downloaded from, the CRADC computing system or the Secure Standalone Desktop. Such files will be delivered by Cornell’s Secure Dropbox service, SFTP or HTTPS to authorized IP addresses, or other methods considered appropriate by CCSS Secure Data Services staff to insure compliance with the DUA.

CRADC:

If permissible by the Data Provider, researchers may utilize either SFTP or HTTPS protocol to transmit restricted data.To secure access to use SFTP or HTTPS protocol, the Researcher must provide a pre‐designated static IP address that is specific to a campus or industry location (no personal residences allowed). SFTP and HTTPS access is limited to the Researcher’s personal project folder only.

Email or instant messaging should not be used to transmit restricted data. Nor should restricteddata be placed on portable devices or media such as mobile phones, PDAs, USB drives, and CDs/DVDs unless allowable according to the DUA.

Secure Standalone Desktop:

CCSS Secure Data Services staff are the only individuals permitted to transfer data on and off the Secure Standalone Desktop, as permissible by the Data Provider. Researcher access to hardware auxiliary devices (e.g. CD-ROM, DVD, USB, etc.) is not permitted.

Approved distribution methods for restricted data, as performed by the CCSS Secure Data Services staff, are Cornell’s Secure Dropbox service, SFTP or HTTPS to an authorized IP address that is specific to a campus or industry location (no personal residences allowed), or methods vetted and considered appropriate by CCSS Secure Data Services staff to insure compliance with the DUA.

Restricted data should only be distributed to known computing systems, with verified security measures in place prior to the transfer. Person(s) receiving the restricted data must have a current signed DUA that asserts an understanding of the required security protections, including the governed regulations, policies and laws, as appropriate.