Data protection and privacy is a foundational part of cybersecurity in the INL High Performance Computing environment. The purpose of this document is to summarize current HPC data protection and management policies and practices.
Access to INL HPC resources is controlled via username and password authentication for both network login access to systems as well as UNIX file system permissions for data storage. Network and data storage systems provide no explicit encryption. HPC home directories are accessible by the directory owner and INL HPC system administrators; immutable system protections ensure that home directories cannot be shared with other users. Project data directories are accessible to those designated by the project owner through written communication with HPC staff.
HPC users are responsible for protecting data files. They acknowledge and understand that INL’s HPC security control implementation is sufficient for data access and storage. Users recognize that files stored in temporary, or scratch, storage areas do not have the same level of data protection as files stored in home or project directories.
INL’s HPC Department does not generate, manage, own or share a user’s research data. Individual users are responsible for the collection, management and sharing of their research data consistent with their own or their sponsor’s data management policies.
Federal Information Security Management Act Compliance
INL HPC systems protect user data in accordance with the Federal Information Security Modernization Act as implemented under DOE Order 205.1C, Department of Energy Cybersecurity Program, which includes compliance with NIST SP 800-53 and NIST SP 800-37, and otherwise in accordance with applicable law cited in DOE Order 205.1C.
INL HPC resources are operated as research systems and should only be used to access and store data related to research and/or education. These research systems are categorized as “moderate” per FIPS-199 and protected to the NIST 800-53 moderate security control baseline.
System Administration Staff
In order to operate and maintain INL HPC resources, system administration staff members have administration-level privileges on all HPC systems, and therefore have access to user and project directories for routine operational support. System administration staff members are U.S. citizens. They follow INL cyber security plans and work under an HPC-specific Department of Energy authority to operate.
HPC Use by Foreign Nationals
INL complies with U.S. export control policies and regulations. HPC use by foreign nationals is generally permitted, given the appropriate approvals are granted from the International Access Program. However, the Office of Foreign Assets Control (OFAC) of the U.S. Department of the Treasury administers and enforces economic and trade sanctions based on U.S. foreign policy and national security goals and prohibits the use of HPC resources by individuals and companies on the OFAC sanctioned list. In alignment with this policy, INL will not permit access to HPC resources to citizens of or companies/individuals physically located in countries listed on OFAC Website. This access restriction also applies to companies owned or controlled by, or acting for or on behalf of, the listed countries.