This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision Last revision Both sides next revision | ||
sensitive_data [2021/06/16 13:10] root |
sensitive_data [2022/01/26 09:38] root |
||
---|---|---|---|
Line 16: | Line 16: | ||
* The cluster does not expire passwords (although unused accounts are locked after 6 months). Newer best practices do not consider complexity requirements and expiration of passwords to be worthwhile (e.g. 2019 NIST 800-63). | * The cluster does not expire passwords (although unused accounts are locked after 6 months). Newer best practices do not consider complexity requirements and expiration of passwords to be worthwhile (e.g. 2019 NIST 800-63). | ||
* The cluster does not limit copying of data which you have permission to read. | * The cluster does not limit copying of data which you have permission to read. | ||
- | * The cluster does not yet have 2-factor authentication | + | * The cluster does not yet have 2-factor authentication. |
- | ==== Encrypted Disk Volume /home6 ==== | + | **It is your responsibility to ensure that your sensitive data is adequately protected (the system administrators can't determine which data are sensitive): but you can let the administrators know about specific needs and get help with making sure that the data are secure.** |
- | One way in which sensitive data can be protected is by only storing it on encrypted disk volumes. Currently, of the cluster disk volumes, only /home1, /home6, and /scratch are encrypted by default (i.e. all the data is encrypted before being written to disk and decrypted when read). (This is also known as encryption "at rest" | + | ==== Encrypted Disk Volumes ==== |
- | If you have a project that includes the use of sensitive data please talk to the system administrators to see whether you should store that data on /home1, /home6, or have your entire home directory moved to /home6. | + | One way in which sensitive data can be protected is by only storing it on encrypted disk volumes. Currently, of the cluster disk volumes, only /home1, /home6, and /scratch are encrypted (i.e. all the data is encrypted before being written to disk and decrypted when read). (This is also known as encryption "at rest" |
+ | |||
+ | If you have a project that includes the use of sensitive data please talk to the system administrators to see whether you should store that data on /home1, /home6, or have your entire home directory moved to an encrypted volume. | ||
The /scratch volume is not backed up, but is encrypted. | The /scratch volume is not backed up, but is encrypted. |