Data Classification#
Important
Before using your AWS account to store, process, or transmit data, you must determine its Internal and External classification and ensure the hosting environment is rated to manage that data type.
Data Classification Levels#
Internal#
The University classifies data in three levels:
Public
Confidential
Highly Confidential
For information about what category your data falls in, see this Data Governance documentation.
External#
Along with CU data classifications, some data types, such as HIPAA and PCI DSS, are regulated by outside entities. This data must adhere to additional requirements and auditing above what CU requires internally.
Externally-regulated data also includes, but is not limited to: contracts with a DFARS 7021 clause, requirements for CMMC certification, and all Controlled Unclassified Information (CUI).
Important
No External (regulated) data of any kind is supported on LCA1. If you need to host regulated data, please contact the Secure Research Computing team. They run a separate platform specifically designed to handle highly-secure data.
AWS LCA1 Data Classification Support#
The table below outlines the level of support for the different data classifications in the AWS LCA1 landing zone.
Data Classification |
Supported on LCA1? |
|---|---|
Internal - Public |
Yes ✅ |
Internal - Confidential |
Yes ✅ |
Internal - Highly Confidential |
No ⛔️ |
External |
No ⛔️ |
Note
Even for supported data classifications, the LCA1 platform alone does not satisfy all required security controls to protect that data. You must implement additional controls within your workload. Please see Shared Responsibility Model for more information.