Secure & Compliant Managed Cloud Services

The Sherlock Team has built an infrastructure that allows it to provide top-notch compliant managed services to its partners who need a secure environment to protect sensitive data and prefer a more hands-off approach when it comes to the intricacies and requirements of compliance. In particular, the Sherlock Team is well-versed in the systems and security requirements necessary for data falling within the parameters of the Federal Information Security Management Act of 2002 (FISMA), the Health Insurance Portability and Accountability Act (HIPAA), Controlled Unclassified Information (CUI), and Cybersecurity Framework (CSF). This expertise enables the team to perform the systems and security requirements of compliance, which are often deemed cumbersome, daunting and time-consuming, while allowing its partners to concentrate on the substance of their important research and business initiatives, missions and goals.

FISMA

Sherlock Cloud is a FISMA-certified environment that undergoes yearly third-party audits required for certification purposes. Notably, Sherlock Cloud has successfully passed all audits since its inception in 2008. To be classified as a FISMA-certified environment, an organization must develop and maintain its environment in accordance with National Institute of Standards and Technology (NIST) 800-53 requirements, which govern system access, information control, and management processes. NIST standards include 17 families of controls, which total over 180 controls and sub-controls. Moreover, the Sherlock Team has generated and regularly updates the required Lifecycle Documentation (e.g., Systems Security Plan, Contingency Plan, Incident Response Plan, Risk Assessment Plan, etc.).

Sherlock Cloud is the largest FISMA-certified cloud within the UC system.

HIPAA

Leveraging its FISMA experience, the Sherlock Team expanded its cloud offering to include a HIPAA-compliant environment.  This environment was built according to NIST 800-53 requirements to comprehensively address the administrative, physical, and technical safeguards required by HIPAA.  Sherlock Cloud’s HIPAA environment has successfully passed external and internal audits, thereby ensuring the security and privacy of Protected Health Information (PHI) and electronic Protected Health Information (ePHI). 

Sherlock Cloud is a multi-tenant cloud for researchers and businesses.

CUI

A more recent addition to the Sherlock Cloud portfolio is its environment that is compliant with CUI (NIST 800-171). The federal government requires nonfederal entities to protect non-classified information that they receive from a federal entity; CUI must be protected when processed, stored, transmitted and used in nonfederal information systems. As the CUI requirements provided in NIST 800-171 are based on the NIST 800-53 Moderate baseline (and FIPS 200), the Sherlock Team was able to seamlessly create an environment that provides the necessary safeguards. A sampling of Sherlock Cloud’s protections includes: cryptographic mechanisms to protect CUI confidentiality on transport, screening individuals prior to authorizing access to information systems containing CUI, and sanitizing or destroying information system media containing CUI before disposal or release for reuse.

Sherlock Cloud is a tremendous resource for those in Higher Education working with CUI.

CSF

Sherlock Cloud is also compliant with NIST’s CSF, which provides a policy framework of computer security guidance delineating how organizations can assess and improve their ability to prevent, detect, and respond to cyber-attacks.  The Sherlock Team has generated a System Security Plan that addresses the security controls specifically cited in the CSF and a Risk Assessment Plan that is based on NIST’s Special Publication (SP) 800-30, Risk Management Guide for Information Technology Systems, and that meets the CSF Risk Assessment requirements.  The Team also annually reviews risks to ensure compliance with CSF.

Sherlock Cloud is available to protect all of your sensitive data and manage the services necessary for compliance!
