Äcdocutils.nodes
document
q
)Åq}q(U	nametypesq}q(X���dataone cybersecurity planqNX���approval workflowqNX4���cybersecurity milestones in dataone project year oneqNXK���dataone cybersecurity planning posture progression through project lifetimeq	NX(���institutional cybersecurity requirementsq
NX���general principlesqNX ���dataone institutional componentsqNX���dataone management planq
àX'���dataone wide cybersecurity requirementsqNuUsubstitution_defsq}qUparse_messagesq]qUcurrent_sourceqNU
decorationqNUautofootnote_startqK
Unameidsq}q(hUdataone-cybersecurity-planqhUapproval-workflowqhU4cybersecurity-milestones-in-dataone-project-year-oneqh	UKdataone-cybersecurity-planning-posture-progression-through-project-lifetimeqh
U(institutional-cybersecurity-requirementsqhUgeneral-principlesqhU dataone-institutional-componentsqh
Udataone-management-planqhU'dataone-wide-cybersecurity-requirementsq uUchildrenq!]q"cdocutils.nodes
section
q#)Åq$}q%(U	rawsourceq&U�Uparentq'hUsourceq(Xi���/var/lib/jenkins/jobs/API_Documentation_trunk/workspace/api-documentation/source/design/security-plan.txtq)Utagnameq*Usectionq+U
attributesq,}q-(Udupnamesq.]Uclassesq/]Ubackrefsq0]Uidsq1]q2haUnamesq3]q4hauUlineq5KUdocumentq6hh!]q7(cdocutils.nodes
title
q8)Åq9}q:(h&X���DataONE Cybersecurity Planq;h'h$h(h)h*Utitleq<h,}q=(h.]h/]h0]h1]h3]uh5Kh6hh!]q>cdocutils.nodes
Text
q?X���DataONE Cybersecurity Planq@ÖÅqA}qB(h&h;h'h9ubaubcdocutils.nodes
field_list
qC)ÅqD}qE(h&U�h'h$h(h)h*U
field_listqFh,}qG(h.]h/]h0]h1]h3]uh5Kh6hh!]qHcdocutils.nodes
field
qI)ÅqJ}qK(h&U�h'hDh(h)h*UfieldqLh,}qM(h.]h/]h0]h1]h3]uh5Kh6hh!]qN(cdocutils.nodes
field_name
qO)ÅqP}qQ(h&X���AboutqRh'hJh(h)h*U
field_nameqSh,}qT(h.]h/]h0]h1]h3]uh5K�h!]qUh?X���AboutqVÖÅqW}qX(h&hRh'hPubaubcdocutils.nodes
field_body
qY)ÅqZ}q[(h&XN���This document forms Appendix C of the `DataONE management plan`_, version 3.0
h,}q\(h.]h/]h0]h1]h3]uh'hJh!]q]cdocutils.nodes
paragraph
q^)Åq_}q`(h&XM���This document forms Appendix C of the `DataONE management plan`_, version 3.0h'hZh(h)h*U	paragraphqah,}qb(h.]h/]h0]h1]h3]uh5Kh!]qc(h?X&���This document forms Appendix C of the qdÖÅqe}qf(h&X&���This document forms Appendix C of the h'h_ubcdocutils.nodes
reference
qg)Åqh}qi(h&X���`DataONE management plan`_UresolvedqjK
h'h_h*U	referenceqkh,}ql(UnameX���DataONE management planUrefuriqmXW���https://docs.dataone.org/member-area/documents/management/project-management-plans-pmp/qnh1]h0]h.]h/]h3]uh!]qoh?X���DataONE management planqpÖÅqq}qr(h&U�h'hhubaubh?X
���, version 3.0qsÖÅqt}qu(h&X
���, version 3.0h'h_ubeubah*U
field_bodyqvubeubaubcdocutils.nodes
target
qw)Åqx}qy(h&Xt���.. _DataONE management plan: https://docs.dataone.org/member-area/documents/management/project-management-plans-pmp/U
referencedqzK
h'h$h(h)h*Utargetq{h,}q|(hmhnh1]q}hah0]h.]h/]h3]q~h
auh5Kh6hh!]ubh#)Åq}qÄ(h&U�h'h$h(h)h*h+h,}qÅ(h.]h/]h0]h1]qÇhah3]qÉhauh5K
h6hh!]qÑ(h8)ÅqÖ}qÜ(h&X���General Principlesqáh'hh(h)h*h<h,}qà(h.]h/]h0]h1]h3]uh5K
h6hh!]qâh?X���General PrinciplesqäÖÅqã}qå(h&háh'hÖubaubh^)Åqç}qé(h&Xá��Cybersecurity for DataONE is predicated on the fact that DataONE is a
collaboration of researchers, data providers, institutions, coordinating
nodes, member nodes, data collections and other infrastructure components. As
such it is inherently a virtual organization. DataONE as an entity spans many
organizations and administrative domains. The goal of the cybersecurity in
DataONE is to protect the infrastructure that those organizations and
administrative domains contribute to DataONE as well as the data collections
and the DataONE user community. DataONE, as a virtual organization, will
naturally need to accommodate the highly variable security regimes that are in
use in its various partners. In planning for cybersecurity in this
environment, a layered approach must be used. Each DataONE entity must
simultaneously meet requirements of its local institution and must also
integrate into the DataONE cyberinfrastructure. DataONE is also a mixture of
operational systems to accept and deliver scientific data and research
endeavors to improve the overall data management lifecycle. The cybersecurity
management for DataONE will need to be flexible enough to support the very
different needs of research and operations. The cybersecurity posture of
DataONE will evolve over time both because of continuing maturation of DataONE
operational strategies and because of an ever-evolving cybersecurity
landscape.qèh'hh(h)h*hah,}qê(h.]h/]h0]h1]h3]uh5Kh6hh!]qëh?Xá��Cybersecurity for DataONE is predicated on the fact that DataONE is a
collaboration of researchers, data providers, institutions, coordinating
nodes, member nodes, data collections and other infrastructure components. As
such it is inherently a virtual organization. DataONE as an entity spans many
organizations and administrative domains. The goal of the cybersecurity in
DataONE is to protect the infrastructure that those organizations and
administrative domains contribute to DataONE as well as the data collections
and the DataONE user community. DataONE, as a virtual organization, will
naturally need to accommodate the highly variable security regimes that are in
use in its various partners. In planning for cybersecurity in this
environment, a layered approach must be used. Each DataONE entity must
simultaneously meet requirements of its local institution and must also
integrate into the DataONE cyberinfrastructure. DataONE is also a mixture of
operational systems to accept and deliver scientific data and research
endeavors to improve the overall data management lifecycle. The cybersecurity
management for DataONE will need to be flexible enough to support the very
different needs of research and operations. The cybersecurity posture of
DataONE will evolve over time both because of continuing maturation of DataONE
operational strategies and because of an ever-evolving cybersecurity
landscape.qíÖÅqì}qî(h&hèh'hçubaubeubh#)Åqï}qñ(h&U�h'h$h(h)h*h+h,}qó(h.]h/]h0]h1]qòhah3]qôhauh5K#h6hh!]qö(h8)Åqõ}qú(h&X ���DataONE Institutional Componentsqùh'hïh(h)h*h<h,}qû(h.]h/]h0]h1]h3]uh5K#h6hh!]qüh?X ���DataONE Institutional Componentsq†ÖÅq°}q¢(h&hùh'hõubaubh^)Åq£}q§(h&XŸ���DataONE consists of several types of components both in terms of humans,
systems, institutions, and organizations. This section is a brief summary of
those components and their DataONE roles in terms of cybersecurity:q•h'hïh(h)h*hah,}q¶(h.]h/]h0]h1]h3]uh5K%h6hh!]qßh?XŸ���DataONE consists of several types of components both in terms of humans,
systems, institutions, and organizations. This section is a brief summary of
those components and their DataONE roles in terms of cybersecurity:q®ÖÅq©}q™(h&h•h'h£ubaubh^)Åq´}q¨(h&X���**Scientific Researchers**q≠h'hïh(h)h*hah,}qÆ(h.]h/]h0]h1]h3]uh5K)h6hh!]qØcdocutils.nodes
strong
q∞)Åq±}q≤(h&h≠h,}q≥(h.]h/]h0]h1]h3]uh'h´h!]q¥h?X���Scientific ResearchersqµÖÅq∂}q∑(h&U�h'h±ubah*Ustrongq∏ubaubh^)Åqπ}q∫(h&X
��DataONE will host data and provide access to data for science researchers.
DataONE will frame appropriate data curation policies as part of Partnership
Agreements with Member Nodes. Data integrity must be maintained throughout the
data life cycle when managed by DataONE.qªh'hïh(h)h*hah,}qº(h.]h/]h0]h1]h3]uh5K+h6hh!]qΩh?X
��DataONE will host data and provide access to data for science researchers.
DataONE will frame appropriate data curation policies as part of Partnership
Agreements with Member Nodes. Data integrity must be maintained throughout the
data life cycle when managed by DataONE.qæÖÅqø}q¿(h&hªh'hπubaubh^)Åq¡}q¬(h&X"���**DataONE staff and team members**q√h'hïh(h)h*hah,}qƒ(h.]h/]h0]h1]h3]uh5K0h6hh!]q≈h∞)Åq∆}q«(h&h√h,}q»(h.]h/]h0]h1]h3]uh'h¡h!]q…h?X���DataONE staff and team membersq ÖÅqÀ}qÃ(h&U�h'h∆ubah*h∏ubaubh^)ÅqÕ}qŒ(h&X˘
��DataONE funded staff will operate DataONE resources and develop DataONE
software and tools in accordance with DataONE cybersecurity policies and the
policies of their home institutions. DataONE coordinating nodes: A critical
part of the DataONE physical cyber- infrastructure will be located at the
Coordinating Nodes. These components will be operated within the current
acceptable policy environments of these host institutions. In addition, these
resources must meet the requirements for DataONE nodes.qœh'hïh(h)h*hah,}q–(h.]h/]h0]h1]h3]uh5K2h6hh!]q—h?X˘
��DataONE funded staff will operate DataONE resources and develop DataONE
software and tools in accordance with DataONE cybersecurity policies and the
policies of their home institutions. DataONE coordinating nodes: A critical
part of the DataONE physical cyber- infrastructure will be located at the
Coordinating Nodes. These components will be operated within the current
acceptable policy environments of these host institutions. In addition, these
resources must meet the requirements for DataONE nodes.q“ÖÅq”}q‘(h&hœh'hÕubaubh^)Åq’}q÷(h&X���**DataONE member nodes**q◊h'hïh(h)h*hah,}qÿ(h.]h/]h0]h1]h3]uh5K:h6hh!]qŸh∞)Åq⁄}q€(h&h◊h,}q‹(h.]h/]h0]h1]h3]uh'h’h!]q›h?X���DataONE member nodesqfiÖÅqfl}q‡(h&U�h'h⁄ubah*h∏ubaubh^)Åq·}q‚(h&X#��All data collectively managed by DataONE will be located at the member nodes.
These components will be operated within the current acceptable policy
environments of these host institutions. In addition, these resources must
meet the requirements for DataONE nodes. Member nodes will vary in terms of
size, sophistication, and current and future management that will be
accommodated. Specific organizational data security policies and practices
will be adhered to within DataONE in the process of sharing data through or
within the DataONE network.q„h'hïh(h)h*hah,}q‰(h.]h/]h0]h1]h3]uh5K<h6hh!]qÂh?X#��All data collectively managed by DataONE will be located at the member nodes.
These components will be operated within the current acceptable policy
environments of these host institutions. In addition, these resources must
meet the requirements for DataONE nodes. Member nodes will vary in terms of
size, sophistication, and current and future management that will be
accommodated. Specific organizational data security policies and practices
will be adhered to within DataONE in the process of sharing data through or
within the DataONE network.qÊÖÅqÁ}qË(h&h„h'h·ubaubh^)ÅqÈ}qÍ(h&X8���**DataONE data collection owners/contributors/stewards**qÎh'hïh(h)h*hah,}qÏ(h.]h/]h0]h1]h3]uh5KEh6hh!]qÌh∞)ÅqÓ}qÔ(h&hÎh,}q(h.]h/]h0]h1]h3]uh'hÈh!]qÒh?X4���DataONE data collection owners/contributors/stewardsqÚÖÅqÛ}qÙ(h&U�h'hÓubah*h∏ubaubh^)Åqı}qˆ(h&X
��Data aggregated in DataONE will, in many cases, be delivered by or derived
from existing datasets. The obligations and expectations of DataONE and these
collections sources will be documented in Partnership Agreements by the
involved organizations/institutions.q˜h'hïh(h)h*hah,}q¯(h.]h/]h0]h1]h3]uh5KGh6hh!]q˘h?X
��Data aggregated in DataONE will, in many cases, be delivered by or derived
from existing datasets. The obligations and expectations of DataONE and these
collections sources will be documented in Partnership Agreements by the
involved organizations/institutions.q˙ÖÅq˚}q¸(h&h˜h'hıubaubh^)Åq˝}q˛(h&X���**DataONE data collections**qˇh'hïh(h)h*hah,}r�
��(h.]h/]h0]h1]h3]uh5KLh6hh!]r

��h∞)År
��}r
��(h&hˇh,}r
��(h.]h/]h0]h1]h3]uh'h˝h!]r
��h?X���DataONE data collectionsr
��ÖÅr
��}r
��(h&U�h'j
��ubah*h∏ubaubh^)År	
��}r

��(h&X2
��One of the key goals of the cybersecurity plan is protecting the integrity,
availability and confidentiality of the data collections managed by DataONE.
DataONE will develop the necessary policies, practices, and processes to
insure data are properly protected and available only to those permitted
access.r
��h'hïh(h)h*hah,}r
��(h.]h/]h0]h1]h3]uh5KNh6hh!]r

��h?X2
��One of the key goals of the cybersecurity plan is protecting the integrity,
availability and confidentiality of the data collections managed by DataONE.
DataONE will develop the necessary policies, practices, and processes to
insure data are properly protected and available only to those permitted
access.r
��ÖÅr
��}r
��(h&j
��h'j	
��ubaubh^)År
��}r
��(h&X8���**Research organizations that generate long-lived data**r
��h'hïh(h)h*hah,}r
��(h.]h/]h0]h1]h3]uh5KTh6hh!]r
��h∞)År
��}r
��(h&j
��h,}r
��(h.]h/]h0]h1]h3]uh'j
��h!]r
��h?X4���Research organizations that generate long-lived datar
��ÖÅr
��}r
��(h&U�h'j
��ubah*h∏ubaubh^)År
��}r
��(h&Xfi���DataONE will engage with data creators to host, replicate, and/or curate data
collections. DataONE will use appropriate Partnership Agreements to specify
how these activities will occur, including cybersecurity agreements.r
��h'hïh(h)h*hah,}r 
��(h.]h/]h0]h1]h3]uh5KVh6hh!]r!
��h?Xfi���DataONE will engage with data creators to host, replicate, and/or curate data
collections. DataONE will use appropriate Partnership Agreements to specify
how these activities will occur, including cybersecurity agreements.r"
��ÖÅr#
��}r$
��(h&j
��h'j
��ubaubh^)År%
��}r&
��(h&X���**Research Libraries**r'
��h'hïh(h)h*hah,}r(
��(h.]h/]h0]h1]h3]uh5KZh6hh!]r)
��h∞)År*
��}r+
��(h&j'
��h,}r,
��(h.]h/]h0]h1]h3]uh'j%
��h!]r-
��h?X���Research Librariesr.
��ÖÅr/
��}r0
��(h&U�h'j*
��ubah*h∏ubaubh^)År1
��}r2
��(h&X=��DataONE will engage with research libraries both as contributors of data
provided by DataONE and as institutional users of DataONE digital data
services. Appropriate Partnership Agreements will be created and executed in
order to understand the agreed levels of mutual service between DataONE and
research libraries. Educational Institutions: DataONE will view educational
institutions as users and outreach and education opportunities. DataONE will
engage with institutions and their students as individuals or a group to
define user access rules and acceptable use policyr3
��h'hïh(h)h*hah,}r4
��(h.]h/]h0]h1]h3]uh5K\h6hh!]r5
��h?X=��DataONE will engage with research libraries both as contributors of data
provided by DataONE and as institutional users of DataONE digital data
services. Appropriate Partnership Agreements will be created and executed in
order to understand the agreed levels of mutual service between DataONE and
research libraries. Educational Institutions: DataONE will view educational
institutions as users and outreach and education opportunities. DataONE will
engage with institutions and their students as individuals or a group to
define user access rules and acceptable use policyr6
��ÖÅr7
��}r8
��(h&j3
��h'j1
��ubaubh^)År9
��}r:
��(h&X���**Standards Bodies**r;
��h'hïh(h)h*hah,}r<
��(h.]h/]h0]h1]h3]uh5Keh6hh!]r=
��h∞)År>
��}r?
��(h&j;
��h,}r@
��(h.]h/]h0]h1]h3]uh'j9
��h!]rA
��h?X���Standards BodiesrB
��ÖÅrC
��}rD
��(h&U�h'j>
��ubah*h∏ubaubh^)ÅrE
��}rF
��(h&Xz���DataONE will use several data and computing standards both for operations and
as cybersecurity policy and plan guidelines.rG
��h'hïh(h)h*hah,}rH
��(h.]h/]h0]h1]h3]uh5Kgh6hh!]rI
��h?Xz���DataONE will use several data and computing standards both for operations and
as cybersecurity policy and plan guidelines.rJ
��ÖÅrK
��}rL
��(h&jG
��h'jE
��ubaubh^)ÅrM
��}rN
��(h&X���**DataNet Partners**rO
��h'hïh(h)h*hah,}rP
��(h.]h/]h0]h1]h3]uh5Kjh6hh!]rQ
��h∞)ÅrR
��}rS
��(h&jO
��h,}rT
��(h.]h/]h0]h1]h3]uh'jM
��h!]rU
��h?X���DataNet PartnersrV
��ÖÅrW
��}rX
��(h&U�h'jR
��ubah*h∏ubaubh^)ÅrY
��}rZ
��(h&X���All DataNet awardees will, in concert, develop appropriate uniform approaches
to data management and curation for the DataNet program. DataONE cybersecurity
policies and posture will need to be compatible with DataNet guidelines.r[
��h'hïh(h)h*hah,}r\
��(h.]h/]h0]h1]h3]uh5Klh6hh!]r]
��h?X���All DataNet awardees will, in concert, develop appropriate uniform approaches
to data management and curation for the DataNet program. DataONE cybersecurity
policies and posture will need to be compatible with DataNet guidelines.r^
��ÖÅr_
��}r`
��(h&j[
��h'jY
��ubaubh^)Åra
��}rb
��(h&X.���**The U.S. National Science Foundation (NSF)**rc
��h'hïh(h)h*hah,}rd
��(h.]h/]h0]h1]h3]uh5Kph6hh!]re
��h∞)Årf
��}rg
��(h&jc
��h,}rh
��(h.]h/]h0]h1]h3]uh'ja
��h!]ri
��h?X*���The U.S. National Science Foundation (NSF)rj
��ÖÅrk
��}rl
��(h&U�h'jf
��ubah*h∏ubaubh^)Årm
��}rn
��(h&Xû���DataONE and DataNet project and program sponsor. DataONE is responsible to NSF
for cybersecurity operations and any Foundation specific policies or
practices.ro
��h'hïh(h)h*hah,}rp
��(h.]h/]h0]h1]h3]uh5Krh6hh!]rq
��h?Xû���DataONE and DataNet project and program sponsor. DataONE is responsible to NSF
for cybersecurity operations and any Foundation specific policies or
practices.rr
��ÖÅrs
��}rt
��(h&jo
��h'jm
��ubaubeubh#)Åru
��}rv
��(h&U�h'h$h(h)h*h+h,}rw
��(h.]h/]h0]h1]rx
��hah3]ry
��h
auh5Kxh6hh!]rz
��(h8)År{
��}r|
��(h&X(���Institutional Cybersecurity Requirementsr}
��h'ju
��h(h)h*h<h,}r~
��(h.]h/]h0]h1]h3]uh5Kxh6hh!]r
��h?X(���Institutional Cybersecurity RequirementsrÄ
��ÖÅrÅ
��}rÇ
��(h&j}
��h'j{
��ubaubh^)ÅrÉ
��}rÑ
��(h&X��Cyber-infrastructure resources in the form of data collections, access
methods, data storage, and computational resources will need to operate within
the established operational envelope of home institution of each DataONE
component. In many instances this will be an institution of higher education
where the operational envelope is defined by the institution in a process that
may vary from informal to quite formal. In addition, some DataONE
cyber-resources will originate within US agencies where FIPS and other NIST
standards will need to be applied in order to receive a formal authorization
for operations. Future DataONE cyber-resources will be located at institutions
under foreign government institutions, where the governing laws, policies, and
social practices may have significant differences from those at US
institutions. In each instance, the home institution’s policy environment will
be recognized and observed where possible. Where the home institution’s
policies are not compatible with DataONE needs, home institution policy
exceptions will be sought and obtained or we will find some other mechanism to
address the incompatibility.rÖ
��h'ju
��h(h)h*hah,}rÜ
��(h.]h/]h0]h1]h3]uh5Kzh6hh!]rá
��h?X��Cyber-infrastructure resources in the form of data collections, access
methods, data storage, and computational resources will need to operate within
the established operational envelope of home institution of each DataONE
component. In many instances this will be an institution of higher education
where the operational envelope is defined by the institution in a process that
may vary from informal to quite formal. In addition, some DataONE
cyber-resources will originate within US agencies where FIPS and other NIST
standards will need to be applied in order to receive a formal authorization
for operations. Future DataONE cyber-resources will be located at institutions
under foreign government institutions, where the governing laws, policies, and
social practices may have significant differences from those at US
institutions. In each instance, the home institution’s policy environment will
be recognized and observed where possible. Where the home institution’s
policies are not compatible with DataONE needs, home institution policy
exceptions will be sought and obtained or we will find some other mechanism to
address the incompatibility.rà
��ÖÅrâ
��}rä
��(h&jÖ
��h'jÉ
��ubaubh^)Årã
��}rå
��(h&X√���Cybersecurity requirements will originate from the requirements of the data
itself, primarily in the form of maintaining data integrity, but also
availability and, in some cases, confidentiality.rç
��h'ju
��h(h)h*hah,}ré
��(h.]h/]h0]h1]h3]uh5Kãh6hh!]rè
��h?X√���Cybersecurity requirements will originate from the requirements of the data
itself, primarily in the form of maintaining data integrity, but also
availability and, in some cases, confidentiality.rê
��ÖÅrë
��}rí
��(h&jç
��h'jã
��ubaubeubh#)Årì
��}rî
��(h&U�h'h$h(h)h*h+h,}rï
��(h.]h/]h0]h1]rñ
��h ah3]ró
��hauh5Këh6hh!]rò
��(h8)Årô
��}rö
��(h&X'���DataONE Wide Cybersecurity Requirementsrõ
��h'jì
��h(h)h*h<h,}rú
��(h.]h/]h0]h1]h3]uh5Këh6hh!]rù
��h?X'���DataONE Wide Cybersecurity Requirementsrû
��ÖÅrü
��}r†
��(h&jõ
��h'jô
��ubaubh^)År°
��}r¢
��(h&X
��In addition to the home institutions policy frameworks, DataONE resources as a
collective entity will have an overlay cybersecurity framework that will
integrate the diverse home institution policies in order to achieve DataONE
goals. Specifically, DataONE will:r£
��h'jì
��h(h)h*hah,}r§
��(h.]h/]h0]h1]h3]uh5Kìh6hh!]r•
��h?X
��In addition to the home institutions policy frameworks, DataONE resources as a
collective entity will have an overlay cybersecurity framework that will
integrate the diverse home institution policies in order to achieve DataONE
goals. Specifically, DataONE will:r¶
��ÖÅrß
��}r®
��(h&j£
��h'j°
��ubaubcdocutils.nodes
block_quote
r©
��)År™
��}r´
��(h&U�h'jì
��h(Nh*Ublock_quoter¨
��h,}r≠
��(h.]h/]h0]h1]h3]uh5Nh6hh!]rÆ
��(h^)ÅrØ
��}r∞
��(h&XY��Initiate a DataONE cybersecurity coordination group. This group will help
develop and implement policy at all DataONE components. In general, this
policy will be guided by generally accepted best practices and is expected
to establish a set of base requirements and a means to map those
requirements to common frameworks (such as NIST and FIPS documents). This
policy will also provide a framework for the consistent application of
common policy guidelines, such as FIPS 199 information security
classification, by providing more specific examples of terms and
applications within the DataONE context.r±
��h'j™
��h(h)h*hah,}r≤
��(h.]h/]h0]h1]h3]uh5Kòh!]r≥
��h?XY��Initiate a DataONE cybersecurity coordination group. This group will help
develop and implement policy at all DataONE components. In general, this
policy will be guided by generally accepted best practices and is expected
to establish a set of base requirements and a means to map those
requirements to common frameworks (such as NIST and FIPS documents). This
policy will also provide a framework for the consistent application of
common policy guidelines, such as FIPS 199 information security
classification, by providing more specific examples of terms and
applications within the DataONE context.r¥
��ÖÅrµ
��}r∂
��(h&j±
��h'jØ
��ubaubh^)År∑
��}r∏
��(h&X—���Develop cybersecurity language (or appropriate pointers to such language)
within Partnership Agreements in order to document agreements and expected
service levels between DataONE and its fundamental entities:rπ
��h'j™
��h(h)h*hah,}r∫
��(h.]h/]h0]h1]h3]uh5K¢h!]rª
��h?X—���Develop cybersecurity language (or appropriate pointers to such language)
within Partnership Agreements in order to document agreements and expected
service levels between DataONE and its fundamental entities:rº
��ÖÅrΩ
��}ræ
��(h&jπ
��h'j∑
��ubaubcdocutils.nodes
bullet_list
rø
��)År¿
��}r¡
��(h&U�h,}r¬
��(Ubulletr√
��X
���-h1]h0]h.]h/]h3]uh'j™
��h!]rƒ
��(cdocutils.nodes
list_item
r≈
��)År∆
��}r«
��(h&X���Users
h,}r»
��(h.]h/]h0]h1]h3]uh'j¿
��h!]r…
��h^)År 
��}r��(h&X���UsersrÃ
��h'j∆
��h(h)h*hah,}rÕ
��(h.]h/]h0]h1]h3]uh5K¶h!]rŒ
��h?X���Usersrœ
��ÖÅr–
��}r—
��(h&jÃ
��h'j 
��ubaubah*U	list_itemr“
��ubj≈
��)År”
��}r‘
��(h&X���Data contributors
h,}r’
��(h.]h/]h0]h1]h3]uh'j¿
��h!]r÷
��h^)År◊
��}rÿ
��(h&X���Data contributorsrŸ
��h'j”
��h(h)h*hah,}r⁄
��(h.]h/]h0]h1]h3]uh5K®h!]r€
��h?X���Data contributorsr‹
��ÖÅr›
��}rfi
��(h&jŸ
��h'j◊
��ubaubah*j“
��ubj≈
��)Årfl
��}r‡
��(h&X���Coordinating nodes
h,}r·
��(h.]h/]h0]h1]h3]uh'j¿
��h!]r‚
��h^)År„
��}r‰
��(h&X���Coordinating nodesrÂ
��h'jfl
��h(h)h*hah,}rÊ
��(h.]h/]h0]h1]h3]uh5K™h!]rÁ
��h?X���Coordinating nodesrË
��ÖÅrÈ
��}rÍ
��(h&jÂ
��h'j„
��ubaubah*j“
��ubj≈
��)ÅrÎ
��}rÏ
��(h&X
���Member nodes
h,}rÌ
��(h.]h/]h0]h1]h3]uh'j¿
��h!]rÓ
��h^)ÅrÔ
��}r
��(h&X���Member nodesrÒ
��h'jÎ
��h(h)h*hah,}rÚ
��(h.]h/]h0]h1]h3]uh5K¨h!]rÛ
��h?X���Member nodesrÙ
��ÖÅrı
��}rˆ
��(h&jÒ
��h'jÔ
��ubaubah*j“
��ubj≈
��)År˜
��}r¯
��(h&X*���DataONE staff at sub-awardee institutions
h,}r˘
��(h.]h/]h0]h1]h3]uh'j¿
��h!]r˙
��h^)År˚
��}r¸
��(h&X)���DataONE staff at sub-awardee institutionsr˝
��h'j˜
��h(h)h*hah,}r˛
��(h.]h/]h0]h1]h3]uh5KÆh!]rˇ
��h?X)���DataONE staff at sub-awardee institutionsr���ÖÅr
��}r��(h&j˝
��h'j˚
��ubaubah*j“
��ubj≈
��)År��}r��(h&X.���DataONE Collaboration and Public web presence
h,}r��(h.]h/]h0]h1]h3]uh'j¿
��h!]r��h^)År��}r��(h&X-���DataONE Collaboration and Public web presencer	��h'j��h(h)h*hah,}r
��(h.]h/]h0]h1]h3]uh5K∞h!]r��h?X-���DataONE Collaboration and Public web presencer��ÖÅr
��}r��(h&j	��h'j��ubaubah*j“
��ubj≈
��)År��}r��(h&XT���Document DataONE uniform operational requirements and best practices as
appropriate
h,}r��(h.]h/]h0]h1]h3]uh'j¿
��h!]r��h^)År��}r��(h&XS���Document DataONE uniform operational requirements and best practices as
appropriater��h'j��h(h)h*hah,}r��(h.]h/]h0]h1]h3]uh5K≤h!]r��h?XS���Document DataONE uniform operational requirements and best practices as
appropriater��ÖÅr��}r��(h&j��h'j��ubaubah*j“
��ubj≈
��)År��}r��(h&Xl���Develop a DataONE-wide incidence response playbook, including a point of
contact at each DataONE component.
h,}r��(h.]h/]h0]h1]h3]uh'j¿
��h!]r��h^)År��}r ��(h&Xk���Develop a DataONE-wide incidence response playbook, including a point of
contact at each DataONE component.r!��h'j��h(h)h*hah,}r"��(h.]h/]h0]h1]h3]uh5Kµh!]r#��h?Xk���Develop a DataONE-wide incidence response playbook, including a point of
contact at each DataONE component.r$��ÖÅr%��}r&��(h&j!��h'j��ubaubah*j“
��ubj≈
��)År'��}r(��(h&Xˆ���Analyze the emergent behavior issues that, from a DataONE-wide point of
view, are highly important to DataONE’s success. Such issue will include,
among other things: data integrity and availability; data access control;
and federated identity.
h,}r)��(h.]h/]h0]h1]h3]uh'j¿
��h!]r*��h^)År+��}r,��(h&Xı���Analyze the emergent behavior issues that, from a DataONE-wide point of
view, are highly important to DataONE’s success. Such issue will include,
among other things: data integrity and availability; data access control;
and federated identity.r-��h'j'��h(h)h*hah,}r.��(h.]h/]h0]h1]h3]uh5K∏h!]r/��h?Xı���Analyze the emergent behavior issues that, from a DataONE-wide point of
view, are highly important to DataONE’s success. Such issue will include,
among other things: data integrity and availability; data access control;
and federated identity.r0��ÖÅr1��}r2��(h&j-��h'j+��ubaubah*j“
��ubj≈
��)År3��}r4��(h&Xª���Develop an incident sharing mechanism and policy among DataONE components,
including real-time data sharing and available, sufficiently secure
communication means for during an incident.
h,}r5��(h.]h/]h0]h1]h3]uh'j¿
��h!]r6��h^)År7��}r8��(h&X∫���Develop an incident sharing mechanism and policy among DataONE components,
including real-time data sharing and available, sufficiently secure
communication means for during an incident.r9��h'j3��h(h)h*hah,}r:��(h.]h/]h0]h1]h3]uh5KΩh!]r;��h?X∫���Develop an incident sharing mechanism and policy among DataONE components,
including real-time data sharing and available, sufficiently secure
communication means for during an incident.r<��ÖÅr=��}r>��(h&j9��h'j7��ubaubah*j“
��ubeh*Ubullet_listr?��ubeubh^)År@��}rA��(h&Xè���In this fashion, DataONE will attempt to create an integrated cybersecurity
environment that meets its needs while not being overly burdensome.rB��h'jì
��h(h)h*hah,}rC��(h.]h/]h0]h1]h3]uh5K¡h6hh!]rD��h?Xè���In this fashion, DataONE will attempt to create an integrated cybersecurity
environment that meets its needs while not being overly burdensome.rE��ÖÅrF��}rG��(h&jB��h'j@��ubaubeubh#)ÅrH��}rI��(h&U�h'h$h(h)h*h+h,}rJ��(h.]h/]h0]h1]rK��hah3]rL��h	auh5K≈h6hh!]rM��(h8)ÅrN��}rO��(h&XK���DataONE Cybersecurity Planning Posture Progression Through Project LifetimerP��h'jH��h(h)h*h<h,}rQ��(h.]h/]h0]h1]h3]uh5K≈h6hh!]rR��h?XK���DataONE Cybersecurity Planning Posture Progression Through Project LifetimerS��ÖÅrT��}rU��(h&jP��h'jN��ubaubh^)ÅrV��}rW��(h&X[
��The DataONE cybersecurity plan and subsidiary documents are living efforts.
They will be reviewed and potentially revised annually. In addition, annual
assessments will focus on parts of the cybersecurity environment where issues
or improvements can be made either because of identified vulnerabilities of
because of evolving cybersecurity issues.rX��h'jH��h(h)h*hah,}rY��(h.]h/]h0]h1]h3]uh5K«h6hh!]rZ��h?X[
��The DataONE cybersecurity plan and subsidiary documents are living efforts.
They will be reviewed and potentially revised annually. In addition, annual
assessments will focus on parts of the cybersecurity environment where issues
or improvements can be made either because of identified vulnerabilities of
because of evolving cybersecurity issues.r[��ÖÅr\��}r]��(h&jX��h'jV��ubaubeubh#)År^��}r_��(h&U�h'h$h(h)h*h+h,}r`��(h.]h/]h0]h1]ra��hah3]rb��hauh5KŒh6hh!]rc��(h8)Ård��}re��(h&X4���Cybersecurity Milestones in DataONE Project Year Onerf��h'j^��h(h)h*h<h,}rg��(h.]h/]h0]h1]h3]uh5KŒh6hh!]rh��h?X4���Cybersecurity Milestones in DataONE Project Year Oneri��ÖÅrj��}rk��(h&jf��h'jd��ubaubh^)Årl��}rm��(h&X
��The DataONE cybersecurity coordination group will be constituted. It will
consist of the deputy director for operations, selected CCIT members,
leadership team representation, working group leads from the Federated
Security group, and other members as appropriate. This group will:rn��h'j^��h(h)h*hah,}ro��(h.]h/]h0]h1]h3]uh5K–h6hh!]rp��h?X
��The DataONE cybersecurity coordination group will be constituted. It will
consist of the deputy director for operations, selected CCIT members,
leadership team representation, working group leads from the Federated
Security group, and other members as appropriate. This group will:rq��ÖÅrr��}rs��(h&jn��h'jl��ubaubjø
��)Årt��}ru��(h&U�h'j^��h(h)h*j?��h,}rv��(j√
��X
���-h1]h0]h.]h/]h3]uh5K’h6hh!]rw��(j≈
��)Årx��}ry��(h&X:���draft a charter and get it approved as a project document
h'jt��h(h)h*j“
��h,}rz��(h.]h/]h0]h1]h3]uh5Nh6hh!]r{��h^)År|��}r}��(h&X9���draft a charter and get it approved as a project documentr~��h'jx��h(h)h*hah,}r��(h.]h/]h0]h1]h3]uh5K’h!]rÄ��h?X9���draft a charter and get it approved as a project documentrÅ��ÖÅrÇ��}rÉ��(h&j~��h'j|��ubaubaubj≈
��)ÅrÑ��}rÖ��(h&Xï���Develop DataONE security policies for coordinating node, member nodes, and
data collection providers as part of their DataONE Partnership Agreements
h'jt��h(h)h*j“
��h,}rÜ��(h.]h/]h0]h1]h3]uh5Nh6hh!]rá��h^)Årà��}râ��(h&Xî���Develop DataONE security policies for coordinating node, member nodes, and
data collection providers as part of their DataONE Partnership Agreementsrä��h'jÑ��h(h)h*hah,}rã��(h.]h/]h0]h1]h3]uh5K◊h!]rå��h?Xî���Develop DataONE security policies for coordinating node, member nodes, and
data collection providers as part of their DataONE Partnership Agreementsrç��ÖÅré��}rè��(h&jä��h'jà��ubaubaubj≈
��)Årê��}rë��(h&XY���Develop DataONE acceptable use policy and appropriate user access
acknowledgement format
h'jt��h(h)h*j“
��h,}rí��(h.]h/]h0]h1]h3]uh5Nh6hh!]rì��h^)Årî��}rï��(h&XX���Develop DataONE acceptable use policy and appropriate user access
acknowledgement formatrñ��h'jê��h(h)h*hah,}ró��(h.]h/]h0]h1]h3]uh5K⁄h!]rò��h?XX���Develop DataONE acceptable use policy and appropriate user access
acknowledgement formatrô��ÖÅrö��}rõ��(h&jñ��h'jî��ubaubaubj≈
��)Årú��}rù��(h&X.���Draft the initial DataONE cybersecurity plan.
h'jt��h(h)h*j“
��h,}rû��(h.]h/]h0]h1]h3]uh5Nh6hh!]rü��h^)År†��}r°��(h&X-���Draft the initial DataONE cybersecurity plan.r¢��h'jú��h(h)h*hah,}r£��(h.]h/]h0]h1]h3]uh5K›h!]r§��h?X-���Draft the initial DataONE cybersecurity plan.r•��ÖÅr¶��}rß��(h&j¢��h'j†��ubaubaubj≈
��)År®��}r©��(h&X¶���Plan for annual assessment and revision to include, for example, a DataONE
wide security incident response contact list and a DataONE wide security
incident playbook
h'jt��h(h)h*j“
��h,}r™��(h.]h/]h0]h1]h3]uh5Nh6hh!]r´��h^)År¨��}r≠��(h&X•���Plan for annual assessment and revision to include, for example, a DataONE
wide security incident response contact list and a DataONE wide security
incident playbookrÆ��h'j®��h(h)h*hah,}rØ��(h.]h/]h0]h1]h3]uh5Kflh!]r∞��h?X•���Plan for annual assessment and revision to include, for example, a DataONE
wide security incident response contact list and a DataONE wide security
incident playbookr±��ÖÅr≤��}r≥��(h&jÆ��h'j¨��ubaubaubeubeubh#)År¥��}rµ��(h&U�h'h$h(h)h*h+h,}r∂��(h.]h/]h0]h1]r∑��hah3]r∏��hauh5K‰h6hh!]rπ��(h8)År∫��}rª��(h&X���Approval Workflowrº��h'j¥��h(h)h*h<h,}rΩ��(h.]h/]h0]h1]h3]uh5K‰h6hh!]ræ��h?X���Approval Workflowrø��ÖÅr¿��}r¡��(h&jº��h'j∫��ubaubh^)År¬��}r√��(h&Xl
��This section is the initial cybersecurity plan for DataONE. Its approval
process is via the DataONE leadership team and PI. This initial cybersecurity
plan is part of the overall DataONE project management plan. Future annual
revisions of the cybersecurity plan will be via a standalone document that
will be drawn from this section of the project management plan.rƒ��h'j¥��h(h)h*hah,}r≈��(h.]h/]h0]h1]h3]uh5KÊh6hh!]r∆��h?Xl
��This section is the initial cybersecurity plan for DataONE. Its approval
process is via the DataONE leadership team and PI. This initial cybersecurity
plan is part of the overall DataONE project management plan. Future annual
revisions of the cybersecurity plan will be via a standalone document that
will be drawn from this section of the project management plan.r«��ÖÅr»��}r…��(h&jƒ��h'j¬��ubaubeubeubah&U�Utransformerr ��NU
footnote_refsrÀ��}rÃ��UrefnamesrÕ��}rŒ��X���dataone management plan]rœ��hhasUsymbol_footnotesr–��]r—��Uautofootnote_refsr“��]r”��Usymbol_footnote_refsr‘��]r’��U	citationsr÷��]r◊��h6hUcurrent_linerÿ��NUtransform_messagesrŸ��]r⁄��Ureporterr€��NUid_startr‹��K
U
autofootnotesr›��]rfi��U
citation_refsrfl��}r‡��Uindirect_targetsr·��]r‚��Usettingsr„��(cdocutils.frontend
Values
r‰��orÂ��}rÊ��(Ufootnote_backlinksrÁ��K
Urecord_dependenciesrË��NUrfc_base_urlrÈ��Uhttps://tools.ietf.org/html/rÍ��U	tracebackrÎ��àUpep_referencesrÏ��NUstrip_commentsrÌ��NU
toc_backlinksr��Uentryr��U
language_coder��UenrÒ��U	datestamprÚ��NUreport_levelrÛ��KU_destinationrÙ��NU
halt_levelrı��KU
strip_classesrˆ��Nh<NUerror_encoding_error_handlerr˜��Ubackslashreplacer¯��Udebugr˘��NUembed_stylesheetr˙��âUoutput_encoding_error_handlerr˚��Ustrictr¸��U
sectnum_xformr˝��K
Udump_transformsr˛��NU
docinfo_xformrˇ��K
Uwarning_streamr���NUpep_file_url_templater
��Upep-%04dr��Uexit_status_levelr��KUconfigr��NUstrict_visitorr��NUcloak_email_addressesr��àUtrim_footnote_reference_spacer��âUenvr��NUdump_pseudo_xmlr	��NUexpose_internalsr
��NUsectsubtitle_xformr��âUsource_linkr��NUrfc_referencesr
��NUoutput_encodingr��Uutf-8r��U
source_urlr��NUinput_encodingr��U	utf-8-sigr��U_disable_configr��NU	id_prefixr��U�U	tab_widthr��KUerror_encodingr��UUTF-8r��U_sourcer��h)Ugettext_compactr��àU	generatorr��NUdump_internalsr��NUsmart_quotesr��âUpep_base_urlr��U https://www.python.org/dev/peps/r��Usyntax_highlightr��Ulongr ��Uinput_encoding_error_handlerr!��j¸��Uauto_id_prefixr"��Uidr#��Udoctitle_xformr$��âUstrip_elements_with_classesr%��NU
_config_filesr&��]Ufile_insertion_enabledr'��àUraw_enabledr(��K
U
dump_settingsr)��NubUsymbol_footnote_startr*��K�Uidsr+��}r,��(hhhj^��hju
��h jì
��hhïhjH��hhxhj¥��hh$uUsubstitution_namesr-��}r.��h*h6h,}r/��(h.]h1]h0]Usourceh)h/]h3]uU	footnotesr0��]r1��Urefidsr2��}r3��ub.