Citadel: Restricted Research Computing Environment
The Citadel Enclave (or Citadel) is the CHPC's environment for restricted research. Currently, Citadel is configured as a CMMC 2.0 Level 2 environment to support research projects involving Controlled Unclassified Information (CUI) and/or Federal Contract Information (FCI).
Over time, the environment may be expanded and modified to meet the requirements of other types of restricted research. Please note that researchers with projects involving Protected Health Information (PHI)—without other types of sensitive information (CUI and/or FCI)—should use the Protected Environment.
On this page
The table of contents requires JavaScript to load.
What is CMMC?
The Cybersecurity Maturity Model Certification (CMMC) program was established by the US Department of Defense (DoD) to standardize security practices and procedures to protect sensitive information—specifically, Federal Contract Information (FCI) and Controlled Unclassified Information (CUI)—shared with DoD contractors and subcontractors. Its conventions are now used by other departments within the Executive Branch. The CMMC program ensures that contractors and subcontractors are meeting the cybersecurity requirements needed to handle sensitive information. For more information, please see https://dodcio.defense.gov/CMMC/about/.
Citadel is aligned with CMMC 2.0 Level 2, which has 110 security controls based on the NIST SP 800-171 standard. The environment is needed by researchers who are planning to use CHPC resources for projects with a contract that describes data as CUI or FCI. This requirement will be made apparent through discussions between researchers and the Office of Sponsored Projects (OSP).
Acceptable Use of Citadel
When you log in to Citadel, you are acknowledging that you understand and consent to the following terms:
- This system may contain data restricted by law, including CUI (Controlled Unclassified Information) with specific requirements imposed by the Department of Defense
- Use of the information system may be subject to other specified requirements associated with certain types of CUI such as export-controlled information
- This system is for authorized use only, as defined in the scope of the project for which access was granted; any changes to the scope of the project must be submitted and approved before any work proceeds
- Unauthorized use is prohibited and subject to criminal, civil, and/or other proceedings or penalties
- Use of this system may be monitored or recorded and is subject to audit
- You have no expectation of privacy regarding any communications or data transiting or stored on this information system; communications and data are routinely monitored for authorized purposes including, but not limited to, vulnerability testing, communications monitoring, network operations, and personnel misconduct investigations
- Any communications or data transiting or stored on this information system may be
disclosed or used in accordance with federal law or regulation
- You will abide by any additional restrictions and/or terms listed in the Citadel System Security Plan as well as by terms in any project-specific Technology Control Plan
Please see section 2.8 of the CHPC Policy Manual for additional details.
Access to the Citadel Enclave
Access to Citadel is provided on a per-project basis. The process starts with the OSP, where projects and grants with CUI are identified. The CHPC will be involved in meetings between researchers and the OSP. Once your project has been reviewed and a Technology Control Plan has been approved, the CHPC will proceed with setting up the project and provisioning accounts for researchers who require access. All users of Citadel will be required to participate in periodic training. Completing all assigned training satisfactorily is a prerequisite for using (or continuing to use, if you are assigned training again) the Citadel Enclave.