Controlled Unclassified Information (CUI) Program Security & Requirements Plan

Description of Service:

Users can choose either a Core Server, where you are the system administrator and install all software, or a Managed Server, which allows you to focus on managing applications instead of the operating system. Both options free you from managing physical servers and offer flexibility to select the right options for your campus computing needs.

Description of Compliance:

UNM Servers can be hosted at UNM IT Datacenter, Dept or Unit Data center, or in the Center for High Performance Computing Data Center.

Servers includes the safeguards required by Controlled Unclassified Information (CUI) regulations. Accordingly, you may use it to maintain Protected Health Information. Complying with Controlled Unclassified Information (CUI) requirements is a shared responsibility. Users sharing and storing PHI in UNM Servers are responsible for complying with CUI safeguards, including:

• Using and disclosing only the minimum necessary PHI for the intended purpose.
• Obtaining all required authorizations for using and disclosing PHI.
• Ensuring that PHI is seen only by those who are authorized to see it.
• Following any additional steps required by your unit to comply with HIPAA.

Social Security numbers should only be used where required by law or where they are essential for university business processes. If you must use SSNs, it is preferred that you use institutional resources designed to house this data, such as the Data Warehouse. IA can help you explore appropriate storage locations or work with you to appropriately encrypt the data if those alternatives will not work for you. (Contact IIA via the ITS Service Center.)

Link to Service Information:

Service Level and Cost Model

Resources:

Using UNM IT CUI-Aligned Services: What UNM Units Need to Know (link)