The University of Iowa enterprise data centers located at the Information Technology Center (ITF) and at Lindquist Center (LC) follow all NIST 800-53 and NIST 800-171 security standards.  These data centers have been approved to host systems that contain export-controlled research data (e.g. ITAR) by both the Information Security and Policy Office and Export Control.  The managed hosting service provides the following:
 

Access Control

The ITF data center is a climate-controlled, secured environment with two-factor authentication.  Physical access is controlled via individually-issued electronic card-keys using a card-key system that logs all entry events as well as biometric verification.  The LC datacenter, used as a backup to ITF, controls physical access using a card-key system that logs all entry events.  At both ITF and LC data centers, quarterly audits of physical access are reviewed and confirmed.
 

No physical access will be granted to non-US Persons without an export license, exemption, or other government authorization.  US Person status will be confirmed by the ITS Human Resources Department before physical access requests are granted for OneIT.  Exception status will be confirmed with the Division of Sponsored Programs Export Control staff.
 

To begin the process to host and achieve a compliant solution to ITAR-covered research data at the ITF or LC data centers, seek guidance from Export Control, the Information Security and Policy Office (ISPO), and OneIT.  Please visit the How to Begin Working with Export-Controlled Technical Data article, which outlines the process in detail.
 

For more information on export control regulations, please visit DSP Export Control webpage or reach out to export-control@uiowa.edu.  Questions about technical implementations that support ITAR/EAR compliance can be sent to research-computing@uiowa.edu.