The Administrative Data Research Facility (ADRF) provides a secure platform to host confidential micro-data. The ADRF system has been granted FedRAMP moderate pre-authorization and is designed to scale to different amounts and types of use. The ADRF is not just a single configuration of computing resources. Instead, it provides a set of data analysis components that can be combined in different ways, within the secure ADRF boundary, to meet a wide range of analytical needs, from traditional statistical analysis of data to configurations that could be used to combine heterogeneous data. This technical flexibility, combined with our user, project, and data set management tools, allows a given instance of the ADRF to securely and nimbly serve diverse data, analytical, and security needs.
Datasets are complex in their own right; when data need to be combined from different sources, across different policy domains, it is necessary for teams of researchers to work together. This means that collaborative activities must be fostered and tools provided so that it is easy to share information.
The ADRF FedRAMP security procedures are documented in a 400-page system security plan submitted to the Census Bureau. Security is implemented in three layers: cloud infrastructure, operational security, and application layer security. After reviewing our completed FedRAMP pre-Readiness Assessment, the Census Bureau has provided the ADRF system with an Authority to Test. We expect Provisional FedRAMP approval by August 2017 and full FedRAMP approval by September 2017.
Data Stewardship Module
The module controls who has access to which data and what ADRF content is related to that data. These functions are essential in that they provide controls while also enabling straightforward answers to critical questions such as “which projects use my data?” or “how is my data being used, and which by-products were generated by whom?”
The ADRF has developed a library of re-usable programs that implement hashing algorithms and salting strategies that can be used to consistently hash values across data sets for de-identified comparison. We also have validated processes for project-based secure storage and reuse of salts and keys used to hash across data sets. We build a secure hashing module into the suite of tools provided to each project to support relating de-identified data sets.
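The following is an added example, not ADRF code, of hashing an identifier consistently across two data sets so they can be related without the raw value. It assumes HMAC-SHA256 with a per-project secret as the keyed hash; the function names, field names, keys and records are all constructed for illustration.

```python
import hashlib
import hmac
import unicodedata

def normalize(value: str) -> bytes:
    """Canonicalize an identifier so formatting differences do not change the token."""
    text = unicodedata.normalize("NFKC", value).strip().upper()
    return "".join(ch for ch in text if ch.isalnum()).encode("utf-8")

def token(project_key: bytes, field: str, value: str) -> str:
    """Keyed hash of one field value; the field name provides domain separation."""
    msg = field.encode("utf-8") + b"\x00" + normalize(value)
    return hmac.new(project_key, msg, hashlib.sha256).hexdigest()

def deidentify(rows, project_key: bytes, id_field: str):
    """Replace the identifier column with its token; other columns pass through."""
    out = []
    for row in rows:
        rest = {k: v for k, v in row.items() if k != id_field}
        out.append({"token": token(project_key, id_field, row[id_field]), **rest})
    return out

def link(left, right):
    """Join two de-identified data sets on the token."""
    index = {r["token"]: r for r in right}
    return [{**l, **index[l["token"]]} for l in left if l["token"] in index]

# Constructed keys: fixed here so the example is repeatable. A real project key
# would come from secrets.token_bytes(32) and live in the project's secure
# storage, never beside the data.
KEY_A = bytes(range(32))
KEY_B = bytes(range(32, 64))

# Constructed records: the same person appears with different formatting.
WAGES = [{"person_id": "123-45-6789", "wage": 41000},
         {"person_id": "987-65-4321", "wage": 52000}]
BENEFITS = [{"person_id": "123456789 ", "program": "SNAP"},
            {"person_id": "555-12-3456", "program": "TANF"}]

if __name__ == "__main__":
    same = link(deidentify(WAGES, KEY_A, "person_id"),
                deidentify(BENEFITS, KEY_A, "person_id"))
    cross = link(deidentify(WAGES, KEY_A, "person_id"),
                 deidentify(BENEFITS, KEY_B, "person_id"))
    print("linked within project:", same)
    print("linked across project keys:", cross)
```

Tokens produced under one project key match across data sets, while the same identifiers hashed under a different project's key do not, which is why storing and reusing the key per project matters.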
SAFE DATA STRATEGY
approved, trained researchers
only access data in a secure environment
approved projects consistent with agency mission
review to limit disclosure before data are released