ASA Security – GDPR and NIST 800-171
This bullet item has been added to the HPC Annual Grant Request Form (https://www.asc.edu/hpc/ASA-HPC-Annual-Grant-Request-Form):
The Alabama Supercomputer Authority provides HPC services and resources for use by faculty, staff, and enrolled students at public educational institutions in Alabama. None of the anticipated usage is expected to be subject to the European Union General Data Protection Regulation (GDPR). As such, Alabama Supercomputer Authority services and resources are not compliant with GDPR. No data that is subject to GDPR should be processed or stored on ASA HPC systems. If you determine that your usage is subject to GDPR, do NOT submit this form, but instead please contact the HPC support staff at firstname.lastname@example.org to discuss your needs.
This bullet item has been added to the ASA Acceptable Use Policy (https://www.asc.edu/content/ASAP20-ASA-Acceptable-Use-Policy):
- ASA services and resources are provided for use by ASA clients based in Alabama. None of the anticipated usage is expected to be subject to the European Union General Data Protection Regulation (GDPR). As such, ASA services and resources are not compliant with GDPR. No data that is subject to GDPR should be processed or stored on ASA systems. If you determine that your usage is subject to GDPR, please contact the ASA Business Office to discuss your needs.
The current NIST 800-171 ASA status is:
- ASA is aware of the requirements of some federal agencies for NIST 800-171 compliance for federal contractors and subcontractors. HPC users at some research universities have notified us that NIST 800-171 compliance could become a requirement in the future for grantees and sub-grantees receiving federal funds. Based on this possibility and our commitment to provide HPC resources that can continue to be applied for sponsored research, ASA is investigating the requirements for making systems compliant with NIST 800-171 where applicable. To date, a gap analysis has been performed, and we continue to investigate steps and costs for required Alabama Supercomputer Center upgrades and procedures changes. It should be noted that the federal government has not announced a requirement for NIST 800-171 compliance for federal grantees and sub-grantees.