Under the Federal Information Security Modernization Act (FISM) federal agencies and those providing services on their behalf must develop, document, and implement security programs for information technology systems. Data from these programs must be stored on U.S. soil.
Under some government contracts and grants, research data collected by the university and the systems used to process and store those data must meet FISMA requirements. This requirement is usually specified in requests for proposals, contracts, and grants.
Where does FISMA apply?
Any department or individual working with data provided by federal organizations such as the National Institutes of Health (NIH), the Department of Veterans Affairs (VA), or the National Aeronautics and Space Administration (NASA), may be subject to FISMA requirements. Researchers should review grants and contracts closely to identify FISMA or other security requirements.