Frequently Asked Questions
What is an enclave?
An enclave can be loosely defined as a segment of network and computing devices that has defined security measures meeting regulatory and contractual compliance requirements for certain data types. You can visualize this as a “container” in which all the needs of the business process occur. You access the enclave from your day-to-day workstation through a secure connection point. Based on your current workflow and in compliance with regulations, you may move data in and out of this container.
How do I get started?
The first step is to submit an Authority to Operate (ATO) request via ServiceNow. This request will help track and manage your enclave project for its entire life cycle. The ServiceNow ticket is how you will communicate to receive necessary agents, work through the phased controls, or coordinate your move to an on-prem or cloud environment.
OIS initially collected metrics on Level 3 and Level 4 systems through a sensitive data inventory spreadsheet. Submitting this information into the ServiceNow ATO request process allows you to have a single point of communication for the project.
What is the user's IT Department security responsibility for the VM (patching, Cylance program updates, Splunk forwarder updates, etc.)?
How are users, researchers, or administrators able to use peripherals such as a printer or lab device within the enclave?
USB mass storage devices such as thumb drives and external hard drives are prohibited from connecting to the enclave storage.
Printing from the enclave to your standard printer or multi-function device will also require special network configuration. Unit IT staff will work with you to coordinate this process if necessary.
Who needs an enclave?
Anyone who processes Restricted/High Plus (Level 4) or High (Level 3) data requires an enclave. Security enclaves house data and process information for a wide variety of units, from administrative functions to research projects and initiatives. OIS has developed a tool to help you decide which level applies to your information.
How do I become compliant and receive an ATO?
Please review the quick start guide and security website for more information:
Why does Penn State need enclaves?
In 2017, Penn State implemented two new policies:
- University Policy AD-95: Information Assurance and IT Security
- University Policy AD-96: Acceptable Use of University Resources
AD-95 and its associated standards detail which security controls are required for systems storing and processing Restricted and High information. These controls are in line with NIST (National Institute of Standards and Technology) 800-171 guidance.
With data breaches on the rise and continuing at a rapid pace, the federal government included two new contract clauses to help safeguard the storage and processing of sensitive data: DFAR 242.204-7012 and FAR 52.204-214. Both clauses reference the implementation of controls found in NIST 800-171.
By December 2017, the controls in 800-171 must be met for all contracts that require them.