U.S. Department of Defense Data Management
As you prepare your Department of Defense grant proposal, the following aspects of your data management plan must be considered. Read through these sections and follow the instructions to ensure this section of your grant proposal is properly prepared.
Please Note: Baylor University Researchers who receive an award from the DoD are required to use the BaylorITS – Microsoft Azure Secure Research Platform. This platform is the only approved location for computing activities that meet the NIST 800-171 security controls as applied through DFARS 252.204-7012 requirements. The use of flash drives, network attached storage, Baylor Box, and many others, are prohibited from use with DoD data. For more information, including pricing options, please contact research_technology@baylor.edu.
Overview
Types of Data Produced
Data and metadata standards
Conditions for access and sharing
Conditions and provisions for reuse, redistribution, and derivatives
Plans for archiving and preservation
Justification for the restriction of data
Types of Data Produced
The types of data, software, curriculum materials, and other materials to be produced in the course of the project that are publicly released.
Data Description
Describe the data that will be collected or created. Make sure to describe the content of the data, as well as the coverage and type of data.
How could the data complement or integrate with currently existing data? Is there any existing data or method that could be used?
Is the data valuable over a long period of time? If so, please indicate this for any applicable data. Also, mention if the data should be shared and/or preserved.
Explain how issues such as copyright will be addressed if utilizing existing data.
Data and Metadata Standards
The standards to be used for data and metadata format and content.
Data Format
Describe the data format you will be using. Some examples may include plain text, comma-separated values (.csv), geo-referenced TIFF, etc.
Explain the decision to use your designated data formats.
Metadata and Documentation
Will you provide metadata to help others use the data? If so, what metadata will be provided.
It is highly encouraged that researchers use community metadata standards. Metadata standards can be found online. An example of metadata standards may be found here https://atlan.com/metadata-standards/
What, if any, other documentation is needed to enable reuse of the data?
How is the data being captured? Where is it being recorded?
Conditions for Access and Sharing
Conditions for access and sharing including provisions for appropriate protection of privacy, confidentiality, security, intellectual property, or other rights or requirements.
Ethics and Privacy
Consent should be requested in order to preserve and share data that involves human participants. Baylor University Institutional Review Board (IRB) review may be required. BU Researcher Guidance for IRB review is available at this URL: https://resources.research.baylor.edu/research-offices/research-compliance/human-subjects/researcher-guidance
How will you protect the personal information of participants?
Demonstrate that you are aware of ethical issues that affect data storage and transfer. Also keep in mind who can utilize the data and how long the data is kept.
Intellectual Property Rights
Who will own the copyright and Intellectual Property Rights of project data?
Will there be any restrictions placed on data sharing? If so, please explain.
Storage and Security
Baylor researchers who receive a research award from the DoD are required to use the BaylorITS – Microsoft Azure Secure Research Platform. This platform is the only approved location for computing activities that must meet the NIST 800-171 security controls as applied through DFARS 252.2054-7012 requirements. The use of flash drives, network attached storage, Baylor Box, and many others, are prohibited from use with DoD data. Please do not incorporate or reference these resources in your data management plan. Contact research_technology@baylor.edu for more information.
Copy and paste the following statement to describe the secure research platform:
Baylor University has established a Microsoft Azure - GCC High tenant to support NIST 800-171 compliance. Compliance with NIST 800-171 is a combination of technical and process-based controls. Technical controls operate under a shared responsibility model between Microsoft and BU. Attestation of GCC High platform compliance is available from Microsoft and is available upon request.Inclusive of the computing platform, Office 365 GCC High and DoD is assessed using the National Institute of Standards and Technology (NIST) Special Publication 800-53 controls at a FIPS 199 High Categorization, where the security controls and control enhancements for United States Department of Defense Cloud Computing Security Requirements Guide (SRG) for information are up to Impact Level 5 (L5). All data stored through the Baylor University – Microsoft Azure Secure Research Platform reside in a data center within the continental United States.
An active Supplier Performance Risk Assessment (SPRS) profile for Baylor University is active with the Department of Defense for the handling of CUI and renews during February of each year. Baylor University is registered with the Directorate of Defense Trade Controls (DDTC).
Where will data be stored and backed up throughout the span of the research? This could vary if multiple sites are involved with the research.
Copy and paste the following statement:
Backup data files are stored in two locations in conjunction with the Baylor University – Microsoft Azure Secure Research Platform.
1) A localized immediate recovery copy is stored for prompt recovery in a data storage repository scoped within the lab
2) Long-term backup files are stored off-site and within the Microsoft Azure GCC-High Blob storage service. Data backup files never egress beyond the Baylor University – Microsoft Azure Secure Research Platform boundary.Who is responsible for data backup? How often will it be performed?
Copy and Paste the following statement:
BaylorITS is responsible for the implementation, management, and monitoring of backup jobs in the Baylor University – Microsoft Azure Secure Research Platform. Backup job frequency is determined during the onboarding process with the PI. Frequency may be nightly or weekly. Access to the environment is not provided to PI’s until a backup job and frequency have been established. Backup jobs are not stored on local workstations as the primary recovery copy.Describe the main risks associated with your data in terms of data security. How are these risks going to be mitigated? Are there any data security policies in place?
Copy and paste the following statement:
BaylorITS maintains compliance with NIST 800-171 security controls for the Baylor University – Microsoft Azure Secure Research Platform. Controlled Unclassified Information labeling tools and training are provided to PI’s during the onboarding process. Data sharing externally is not available by default to users of the environment. BaylorITS facilitates the egress of data outside the boundary through a Change Management Process which includes a data security review prior to allowing data to transit.
Data Sharing
How will data be shared? Will it be deposited in a data repository? If another method will be used, please explain.
Copy and paste the following statement:
Baylor ITS facilitates the sharing of data. The use of DoD Safe is the primary method for returning data to the DoD. Baylor ITS, when requested, provides access to the DoD Safe site.
In cases where the data is to be shared outside of DoD, Baylor ITS facilitates data sharing requests and provides a data transfer solution. The BU – Office of the Vice Provost, facilitates the approval of sharing data to external entities that are covered under the government-restricted data classification.When will research data be made available?
Who will be allowed to utilize your data? If access to the data must be restricted, please explain the reason.
If applicable, how will data sharing be restricted? This can include methods such as requiring participant consent, anonymizing data, etc.
Do you feel that your data can be used for other purposes? If so, theorize how this could be used.
Conditions and provisions for reuse, redistribution, and derivatives
Conditions and provisions for reuse, redistribution, and the creation of derivative works.
Ethics and Privacy
Consent should be requested in order to preserve and share data that involves human participants.
How will you protect the personal information of participants?
Demonstrate that you are aware of ethical issues that affect data storage and transfer. Also keep in mind who can utilize the data and how long the data is kept.
Intellectual Property Rights
Who will own the copyright and Intellectual Property Rights of project data?
Will there be any restrictions placed on data sharing? If so, please explain.
Plans for archiving and preservation
Plans for archiving datasets, or data samples, and other digitally formatted scientific data, and
for preservation of access thereto. Explicitly describe how the data that underlies scientific
publications will be available for discovery, retrieval, and analysis. In accordance with OSTP
Memorandum on Public Access of Federally Funded Research, https://www.whitehouse.gov/wp-content/uploads/2022/08/08-2022-OSTP-Public-access-Memo.pdf, digitally formatted scientific data resulting from unclassified, publicly releasable research supported wholly or in part by DoD funding should be stored and publicly accessible to search, retrieve, and analyze to the extent feasible and consistent with applicable law and policy; agency mission; resource constraints; and U.S. national, homeland, and economic security.
Storage and Security
Where will your data be stored and backed up over the course of your research?
Who is responsible for data backup? How often will data be backed up?
Data Repository
If the data is to be deposited, where will it be placed? If it will NOT be deposited, your data management plan should show how the data can be preserved beyond the grant timeline.
If you are working with a data repository, show how you have worked with them to maintain any standards or policies.
Preservation
What plans do you have for data preservation and sharing? Where will it be archived and for how long? Are any other resources required to prepare the data for data repositories?
Justification for the restriction of data
If, for legitimate reasons, the data cannot be preserved and made available for public access, the plan will include a justification citing such reasons.
Contact research_technology@baylor.edu for guidance in utilizing technology resources for Department of Defense funded research.
Special thanks to San Jose State University for their excellent work on their Department of Defense instruction guide that inspired this resource.